On November 6, 2024, Cisco disclosed a critical vulnerability, identified as CVE-2024-20418, affecting its Unified Industrial Wireless Software, which has a CVSS score of 10/10.

This vulnerability allows remote, unauthenticated attackers to execute commands with root privileges on affected devices due to improper input validation in the management interface.

The flaw specifically impacts Cisco's Catalyst IW9165D, IW9165E, and IW9167E access points, commonly used in industrial and maritime environments, particularly when the Ultra-Reliable Wireless Backhaul (URWB) mode is enabled.

Users can check if their devices are vulnerable by executing the 'show mpls-config' command; if URWB mode is enabled, the device is at risk.

Cisco has emphasized the urgency of immediate patching for these devices, as there are currently no workarounds available to mitigate the vulnerability.

A fix has been released in Unified Industrial Wireless Software version 17.15.1, and users operating on versions 17.14 or earlier are strongly advised to upgrade to this version.

Cisco recommends that all customers download and install the free update immediately to protect against potential security breaches.

While Cisco's Product Security Incident Response Team (PSIRT) has not reported any active exploitation of this vulnerability in the wild, they urge users to apply patches promptly.

The vulnerability poses a significant risk as the affected equipment is typically used in critical infrastructure settings such as ports and factories.

In addition to CVE-2024-20418, Cisco also addressed other vulnerabilities, including CVE-2024-20484, which could allow unauthenticated attackers to cause denial-of-service conditions.

Another high-severity flaw, CVE-2024-20536, was identified in the Nexus Dashboard Fabric Controller, allowing remote, authenticated attackers to execute arbitrary SQL commands.

The critical flaw was discovered during internal security testing by a Cisco employee, and the company has not reported any public exploitation of it.