Security Advisory: Critical Security Flaw in Cisco URWB Access Points – Immediate Action Required

Cisco has identified a critical vulnerability (CVE-2024-20418) affecting Ultra-Reliable Wireless Backhaul (URWB) Access Points. This flaw, with a maximum CVSS score of 10.0, could allow unauthenticated attackers to execute commands with root privileges on the underlying operating system of affected devices.

Critical Security Flaw in Cisco URWB Access Points Technical Overview

Cisco’s Unified Industrial Wireless Software, specifically its web-based management interface, contains an input validation vulnerability. By sending specially crafted HTTP requests, threat actors can exploit this flaw to gain elevated access to vulnerable systems.

The following products are impacted when running in URWB mode:

• Catalyst IW9165D Heavy Duty Access Points
• Catalyst IW9165E Rugged Access Points and Wireless Clients
• Catalyst IW9167E Heavy Duty Access Points

Devices not operating in URWB mode are unaffected.

How to Check if You’re Affected

Admins can verify if URWB mode is enabled by running the CLI command:
show mpls-config

• If this command is available, URWB is enabled, and the device may be vulnerable.
• If not, URWB is disabled, and your device is not impacted by this specific flaw.

What Our Threat Intelligence Team is Seeing

Although Cisco has not yet observed this vulnerability being exploited in the wild, its critical nature and potential impact demand immediate attention. If successfully exploited, this flaw could give attackers root-level access, allowing them to compromise device integrity, exfiltrate data, or disrupt operations entirely.

What We Suggest to Mitigate Critical Security Flaw in Cisco URWB Access Points

1. Upgrade Immediately:
   • Cisco has addressed this vulnerability in Unified Industrial Wireless Software version 17.15.1.
   • Users running versions 17.14 and earlier should upgrade as soon as possible.
2. Verify Operating Mode:
   • Use the CLI command above to check if URWB mode is enabled.
3. Regular Security Audits:
   • Perform routine checks on all Cisco devices for software updates and configuration integrity.
4. Stay Informed:
   • Monitor Cisco’s Security Advisories for updates.
5. Read Cisco’s Full Advisory:
   • Detailed information and mitigation steps can be found in Cisco’s official advisory: CVE-2024-20418 Advisory.
6. Implement Network Segmentation and Monitoring:
   • Limit the potential impact of any successful exploit by isolating critical systems and closely monitoring network activity.