URWB

Overview

Cisco has disclosed a severe vulnerability, tracked as CVE-2024-20418, in its Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points. The flaw, rated with a maximum CVSS score of 10.0, affects multiple Cisco Catalyst Access Point models.

Attackers exploiting this vulnerability can gain root-level control, enabling unauthorized command execution on vulnerable devices.

Vulnerability Details

This critical CVE-2024-20418 vulnerability stems from improper input validation within Cisco’s web-based management interface, which controls URWB Access Points. A remote attacker without authentication can exploit this flaw by sending specially crafted HTTP requests to vulnerable devices, thereby injecting commands with root privileges on the device’s operating system.

Cisco has responded by releasing updates to mitigate the risk, advising immediate software upgrades as there are no workarounds. Importantly, only devices operating in URWB mode are impacted.

According to the Office of Information Technology of the New York State, while government institutions and business are at high risk of the bug, home users could be the least affected.

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

What is Cisco’s Ultra-Reliable Wireless Backhaul (URWB)?

Cisco’s URWB technology provides the robust, low-latency wireless connectivity essential for critical, high-stakes applications across industrial and mobile environments. Designed to replace costly and complex wired infrastructure, URWB enables seamless, multigigabit performance with minimal packet loss, making it invaluable for sectors relying on autonomous systems.

Industries including ports, railways, and manufacturing leverage URWB for real-time applications, such as video monitoring and remote machinery control, benefiting from reduced deployment costs and greater flexibility. The technology supports dual-mode capability, allowing devices to toggle between URWB and Wi-Fi 6/6E based on project needs, thereby optimizing infrastructure investments.

Affected Devices

The following Cisco Catalyst Access Points running a vulnerable version of Cisco’s Unified Industrial Wireless Software are affected if URWB mode is enabled:

  • Catalyst IW9165D Heavy Duty Access Points
  • Catalyst IW9165E Rugged Access Points and Wireless Clients
  • Catalyst IW9167E Heavy Duty Access Points

To determine if URWB mode is enabled, Cisco advises using the show mpls-config command. If available, URWB mode is active, and the device is vulnerable.

Cisco has confirmed that other products, including the 6300 Series Embedded Services Access Points, Aironet models, and Catalyst 9100 Series Access Points, are unaffected.

Mitigation Steps

Cisco has issued free software updates addressing this vulnerability. However, users must ensure they are compliant with licensing and have sufficient memory and compatible configurations for successful upgrades.

Customers without service contracts should reach out directly to the Cisco Technical Assistance Center (TAC) for help obtaining the necessary updates. More details can be found on Cisco’s Security Advisory page.

Fixed Software Releases

For the Cisco Unified Industrial Wireless Software versions affected, the company has released the following fixed versions:

  • 17.15 – First fixed in version 17.15.1
  • 17.14 and earlier – Cisco advises migrating to the nearest fixed release.

Security practitioners managing industrial or critical infrastructure networks are strongly urged to update vulnerable devices promptly. Failure to patch could expose systems to high-risk attacks due to the root-level access that this vulnerability permits.

Sources:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs

https://www.cisco.com/c/en/us/products/collateral/wireless/ultra-reliable-wireless-backhaul/ultra-wireless-backhaul-so.html

https://its.ny.gov/2024-123

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20418

The post Critical Bug in Cisco’s URWB Exposes Systems to Root Privilege Command Injection appeared first on Cyble.