Cyber Security News

Cisco Industrial Wireless Software Flaw Lets Attackers Run Commands as Root User

Hackers target Cisco primarily due to its critical role in global network infrastructure and security. Cisco’s devices are essential for protecting sensitive data and communications, which makes them attractive targets for espionage.

Cybersecurity researchers at Cisco recently discovered a flaw in a Cisco product that enables threat actors to run commands as the root user.

A critical security vulnerability, tracked as “CVE-2024-20418”, was detected recently in the web GUI of Cisco Unified Industrial Wireless Software installed on Ultra-Reliable Wireless Backhaul (URWB) Access Points.

The flaw is caused by a lack of input validation. It allows remote unauthorized users to inject commands into the web interface of the targeted device by sending specially prepared HTTP requests.

If the vulnerability is exploited successfully, a threat actor can run any system-level command on the host device's operating system with root access and take complete control of the device.

This poses a great danger because no authentication is required to take advantage of the vulnerability, which enables the threat actor to execute commands remotely over the network.

The vulnerability is present in the internal web management interface of the device, which makes it more threatening since this part is important for device management.

Cisco has fixed this serious vulnerability by releasing patches. Since there are no alternatives to these updates, installing them is essential to securing the system.

Vulnerabilities of this kind fall within the critical range of RCE vulnerabilities, which are expected to score high in CVSS because they allow remote access and root-level privileges without authentication.

CVE profile (Source – Cisco)

The following products are vulnerable:

  • Catalyst IW9165D Heavy Duty Access Points
  • Catalyst IW9165E Rugged Access Points and Wireless Clients
  • Catalyst IW9167E Heavy Duty Access Points

To check whether a device is vulnerable, use the ‘show mpls-config’ CLI command. If the command is available, URWB mode is turned on and the device is vulnerable.

If the command is not available, URWB mode is turned off and the device is safe from this particular vulnerability.

Other Cisco products that implement standard MPLS configurations and don’t use the features of URWB are not exposed to this security threat.

The vulnerability does not affect the following Cisco products:
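The check described above, scripted for a fleet as an added example (not code from Cisco or from the original article). It assumes each device's model string and the captured output of `show mpls-config` have already been collected, and that a rejected command can be recognized by the marker strings in the code; the host names and sample outputs are constructed.

```python
import re

# Models the article lists as vulnerable.
AFFECTED_MODELS = ("IW9165D", "IW9165E", "IW9167E")
# Assumption: text a device CLI prints when it does not know a command.
REJECTION_MARKERS = ("invalid input", "unknown command")

def is_listed_model(model):
    """Match the model string regardless of spacing, hyphens or suffixes."""
    compact = re.sub(r"[^A-Z0-9]", "", model.upper())
    return any(name in compact for name in AFFECTED_MODELS)

def command_available(output):
    """True/False if the capture shows the command ran or was rejected;
    None when nothing was captured (unreachable device, failed login)."""
    if output is None or not output.strip():
        return None
    lowered = output.lower()
    return not any(marker in lowered for marker in REJECTION_MARKERS)

def triage(device):
    """Classify one inventory record using the check from the article."""
    if not is_listed_model(device["model"]):
        return "model-not-listed"
    available = command_available(device.get("show_mpls_config"))
    if available is None:
        return "no-evidence"  # never treat a failed capture as safe
    return "urwb-on" if available else "urwb-off"

def triage_inventory(inventory):
    """Map each host name to its triage status."""
    return {d["host"]: triage(d) for d in inventory}

# Constructed sample records; the output strings are placeholders.
SAMPLE_INVENTORY = [
    {"host": "ap-yard-01", "model": "Catalyst IW9167E",
     "show_mpls_config": "<constructed: configuration text returned>"},
    {"host": "ap-yard-02", "model": "IW-9165D",
     "show_mpls_config": "% Invalid input detected at '^' marker."},
    {"host": "ap-gate-03", "model": "Catalyst IW9165E", "show_mpls_config": ""},
    {"host": "ap-office-04", "model": "Aironet 2800",
     "show_mpls_config": "% Invalid input detected at '^' marker."},
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `urwb-on` are the ones to move to a fixed release first; `no-evidence` means the capture has to be repeated before the device can be ruled out.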

  • 6300 Series Embedded Services Access Points
  • Aironet 1540 Series
  • Aironet 1560 Series
  • Aironet 1810 Series OfficeExtend Access Points
  • Aironet 1810w Series Access Points
  • Aironet 1815 Series Access Points
  • Aironet 1830 Series Access Points
  • Aironet 1850 Series Access Points
  • Aironet 2800 Series Access Points
  • Aironet 3800 Series Access Points
  • Aironet 4800 Access Points
  • Business 100 Series Access Points and Mesh Extenders
  • Business 200 Series Access Points
  • Catalyst 9100 Series Access Points
  • Catalyst IW6300 Heavy Duty Series Access Points
  • FM Series Radio Transceivers
  • IEC6400 Edge Compute Appliances
  • Wireless LAN Controller (WLC) Software

Cisco makes its security software updates available free of charge via standard distribution channels to customers who have a service contract and hold a license.

Fix chart (Source – Cisco)

Customers without a service contract can obtain fixes through Cisco TAC by providing the product serial number and the advisory URL.

Tushar Subhra Dutta
