Executive Summary

Summary
Title: Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability

Information
Name: cisco-sa-20181219-asa-privesc
First vendor Publication: 2018-12-19
Vendor: Cisco
Last vendor Modification: 2018-12-19
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: N/A
Attack Range: N/A
Cvss Impact Score: N/A
Attack Complexity: N/A
Cvss Exploit Score: N/A
Authentication: N/A

Detail

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface.

The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

Nessus® Vulnerability Scanner

Date: 2018-12-21
Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20181219-asa-privesc.nasl - Type: ACT_GATHER_INFO

Alert History

Date: Information
2018-12-24 17:21:21: Multiple Updates
2018-12-19 17:18:13: First insertion