Executive Summary
| Summary | |
|---|---|
| Title | Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20181219-asa-privesc | First vendor Publication | 2018-12-19 |
| Vendor | Cisco | Last vendor Modification | 2018-12-19 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5.5 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJcGmvzXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczzdAP/ieumV/fHXI77M4BVX2Ko99JGm7g Ou/hLIciF4aoobljY1dNuE6dKNDqSsAe8P6e702em11gstNGf/jJVFXPAo/39RiM iJ4xb9vEiNf+LeUClZe8191/dzvzZu0M+ZWqSMuckasPEu1kyi1+sn8i86kMKi8L XA2R+nJj2D3oo5AhuegNmV/m1zBRpAGIah60ns52JKkGwQLWGlrM80GImvwI3c8J Y8hHkRvgQ3g891T5dLY6zFnoK+BeP1dD8Wv99nDQtNu+0Uq3ke2M/eMaUGdcvaIZ Pfh765+XYz4Ym8l4tG+U8ewCnin7fcYEHM32lCeEuOecIc9LiZs4HbXUN7r9nxXh 75IoR81BVBKXxZKYDD/lzinfQo11gzyL3dAis2uPhC99doFMtooM2YHsFnTeLrRx 6XUFppr0dPRTePqIdGZpbXb6GknYUzXM0YINxYWhpvSOJgnpc+bKClyaiFFhU0VW AdwUpfSZGBEzGIR1tRqXQd6V5YPjbIhRfgRWKQfaijeozXk4y7ymmgUJIFz2rE2P 5Uk60GV2F5oYLYiqC/O03fDoLa0NlE+5Gy+b9p7Z8NRfXvcpxYXQ3tUa8RqqF2fu o4DNBJYViiOvEusGi7k51TkAU123xqo7TIc9QLAlnq30CjYOXOfQrhlJL6v/2iH/ aoyDQXwBTBHPf1UP =Kktc END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | Cisco Adaptive Security Appliance admin REST API access attempt RuleID : 48644 - Revision : 1 - Type : POLICY-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-12-21 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20181219-asa-privesc.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2020-12-05 21:23:46 |
|
| 2019-02-04 21:21:35 |
|
| 2018-12-24 17:21:21 |
|
| 2018-12-19 17:18:13 |
|
