Hackers target Cisco primarily due to its critical role in global network infrastructure and security. Cisco’s devices are essential for protecting sensitive data and communications which makes them attractive targets for espionage.
Cybersecurity researchers at Cisco recently discovered a Cisco flaw that enables threat actors to run commands as root users.
A critical security vulnerability tracked as “CVE-2024-20418”, was detected recently in the web GUI of Cisco Unified Industrial Wireless Software installed on Ultra-Reliable Wireless Backhaul (URWB) Access Points.
A lack of input validation causes the flaw and allows remote unauthorized users to inject commands into the web interface of the attacked device by sending specially prepared HTTP requests.
If the vulnerability is exploited successfully, any threat actors can use all system-level commands through the operating system of the host device with root access and take over complete control of the device.
Challenges that MDR can help you resolve -> Get a Free Guide
This poses a great danger as there are no authentication is required to take advantage of the vulnerability and this enables the threat actor to execute commands from the network remotely.
The vulnerability is present in the internal web management interface of the device which makes it more threatening since this part is important for device management.
Cisco has fixed this serious vulnerability by releasing new patches, and, since no alternatives are found, these necessary security updates are very important for the security of the system.
Such vulnerability falls within the critical range of RCE vulnerabilities, which are expected to score high in CVSS as they allow remote access and root-level privilege without authenticated requirements.
CVE profile:-
Here below we have mentioned all the products that are vulnerable:-
- Catalyst IW9165D Heavy Duty Access Points
- Catalyst IW9165E Rugged Access Points and Wireless Clients
- Catalyst IW9167E Heavy Duty Access Points
To assess your device vulnerability level, the ‘show mpls-config’ CLI command may be useful, as its existence and functionality indicate that the URWB mode is turned on, and the device is vulnerable.
However, for those devices for which this command is not available, it is an indication that the URWB mode is turned off and they are safe from this particular vulnerability.
Wherever other Cisco products that implement standard MPLS configurations and don’t use the features of URWB will not be exposed to this security threat.
Vulnerability does not affect the following Cisco products:-
- 6300 Series Embedded Services Access Points
- Aironet 1540 Series
- Aironet 1560 Series
- Aironet 1810 Series OfficeExtend Access Points
- Aironet 1810w Series Access Points
- Aironet 1815 Series Access Points
- Aironet 1830 Series Access Points
- Aironet 1850 Series Access Points
- Aironet 2800 Series Access Points
- Aironet 3800 Series Access Points
- Aironet 4800 Access Points
- Business 100 Series Access Points and Mesh Extenders
- Business 200 Series Access Points
- Catalyst 9100 Series Access Points
- Catalyst IW6300 Heavy Duty Series Access Points
- FM Series Radio Transceivers
- IEC6400 Edge Compute Appliances
- Wireless LAN Controller (WLC) Software
Cisco makes its security software updates available free of charge via standard distribution channels to customers who have a service contract and hold a license.
In the absence of the contracts, fixes can be obtained through Cisco TAC after providing the product serial number and the advisory URL.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
The post Cisco Industrial Wireless Software Flaw Let Attackers Run Command As Root User appeared first on Cyber Security News.