Cisco has identified a critical security flaw in its web-based management interface for Unified Industrial Wireless Software. The flaw specifically affects systems using Cisco Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. It results from improper input validation within the web-based interface, potentially allowing unauthenticated remote attackers to inject commands with root privileges to compromise the underlying system.
This vulnerability impacts the following Cisco products that are running a vulnerable software version with URWB mode enabled. These include Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points.
Devices that do not operate in URWB mode are unaffected by this issue. Users can determine whether their device is vulnerable by running the show mpls-config command in the command-line interface. Cisco said that if the command is available, the device is vulnerable and, if not, the device is secure.
Cisco has also confirmed that several products are not affected by this vulnerability. These include the 6300 Series Embedded Services Access Points. The unaffected Aironet Series models are 1540, 1560, 1810, 1810w, 1815, 1830, 1850, 2800, 3800, and 4800.
Other unaffected products include Business Series 100 and 200 Access Points, Catalyst 9100 Series Access Points, Catalyst IW6300 Heavy Duty Series Access Points, FM Series Radio Transceivers, and IEC6400 Edge Compute Appliances.
Cisco has released free software updates to address the security flaw. Users have been urged by the company to apply these updates immediately, as no workarounds are available.
Cisco’s discovery of the vulnerability and broader efforts
The vulnerability was discovered by Cisco’s technical marketing engineer, DJ Cole, during internal security testing at the company. Earlier this year, Cisco also resolved another significant vulnerability, CVE-2024-20419, affecting the Smart Software Manager (SSM) On-Prem service and the earlier version, Cisco SSM Satellite.
This vulnerability had a critical CVSS 3.1 rating of 10 out of 10, allowing attackers to change administrator passwords. As with the current flaw, Cisco has strongly advised all affected users to update their systems to the latest software version to prevent exploitation.
Last month, Cisco confirmed that it is looking into reports of a data breach after a threat actor started offering what is claimed to be stolen company data for sale on a hacking forum. The allegations surfaced after IntelBroker, along with two individuals identified as “EnergyWeaponUser” and “zjj,” claimed to have breached Cisco’s systems on 10 June 2024, and obtained a substantial amount of developer-related data.
Read more: Cisco probes alleged data breach after hacker claims sale of information
