The Register: Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

Source URL: https://www.theregister.com/2024/11/07/cisco_uiws_flaw/
Source: The Register
Title: Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

Feedly Summary: Ultra-Reliable Wireless Backhaul doesn’t live up to its name
Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert.…

Summary: Cisco has issued a critical alert regarding a high-severity vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul systems, allowing attackers to potentially gain root access. This vulnerability poses a significant risk as it affects equipment used in critical infrastructure sectors.

Detailed Description: Cisco’s recent announcement about a critical flaw in its Ultra-Reliable Wireless Backhaul (URWB) systems is of considerable significance for professionals in security and infrastructure, particularly for those overseeing network security in industrial environments.

Key points from the alert include:

– **Vulnerability Identifier**: The flaw is referred to as CVE-2024-20418.
– **Affected Software**: The vulnerability lies within the Unified Industrial Wireless Software utilized by the URWB systems.
– **Exploitation Risk**:
    – Attackers can exploit this vulnerability by sending specially crafted HTTP requests to the management interface of the devices.
    – Once exploited, attackers can elevate their privileges to admin-level, allowing them to execute arbitrary commands with root access on the underlying operating system.
– **CVSS Score**: The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 10.0, indicating it is extremely critical and poses a high threat level.
– **Impact on Critical Infrastructure**: The affected devices are typically deployed in critical infrastructure environments (e.g., ports, factories), making the vulnerability particularly concerning.
– **Immediate Action Required**: Cisco has issued an urgent notice for users to patch their devices, as there are no workarounds available for this vulnerability.
– **Specific Devices Affected**:
    – Catalyst IW9165D Heavy Duty Access Points
    – Catalyst IW9165E Rugged Access Points and Wireless Clients
    – Catalyst IW9167E Heavy Duty Access Points
– **Verification Process**: Users can check if URWB is enabled on their equipment using the command `show mpls-config` in the CLI.

In summary, the alert highlights the urgent need for security professionals to patch affected Cisco devices promptly to prevent any potential attacks that could exploit this significant vulnerability. Given its impact on critical infrastructure, organizations must prioritize addressing this issue to maintain security and compliance.