A “Perfect” 10 vulnerability score is not what users of Cisco Ultra-Reliable Wireless Backhaul (URWB) systems were expecting. The recently discovered cybersecurity vulnerability CVE-2024-20418 is remotely exploitable, easy to exploit, and gives full Admin rights to the device. That is potentially a devastating combination (hence the CVSS score of 10)!
Probably some overtime hours are in store for those patching these systems:
- Catalyst IW9165D Heavy Duty Access Points
- Catalyst IW9165E Rugged Access Points and Wireless Clients
- Catalyst IW9167E Heavy Duty Access Points
The more strategic concern is that these devices are the type of systems that would be purchased and installed to protect either very sensitive systems or environments that cannot be easily patched — like Operational Technology (OT).
Given that a large portion of our Critical Infrastructure uses OT environments, this vulnerability represents a risk to crucial services we all rely upon, including telecommunications, power, water, transportation, and healthcare systems.
Have a good weekend!