Wednesday, April 24, 2024

Privilege Escalation Flaw in Cisco ASA Allows Attackers To Read or Write Files in the System

A Privilege Escalation vulnerability discovered in Cisco ASA allows an lowest privilege user to overwrite the system’s firmware, full configuration file, and to create new users.

The vulnerability was identified by Tenable, tracked as CVE-2018-15465, allows a remote attacker to perform privileged actions in the web interface.

To exploit this vulnerability the attacker “requires the HTTP interface for IOS to be enabled, and the “aaa” authentication scheme needs to be set, which is not part of the ASAv default configuration.”

The vulnerability is due to the improper validation of user management in the webmanagement, an attacker could exploit this vulnerability by sending a crafted HTTP requests through HTTPS to the affected as an unprivileged user.

An attacker could exploit the vulnerability to retrive files from the device or to upload and replace software images on the device.

The vulnerability affects all the Cisco ASA Software running with web management access enabled.

Now Cisco has released an advisory and patches, enabling command authorization prevents the exploitation of this vulnerability.

Cisco recommends “Administrators who use the Adaptive Security Device Manager (ASDM) to manage the ASA are advised to enable command authorization by using the ASDM because doing so will allow the ASDM to push predefined command sets for different privilege to the ASA.”

Related Read

Cisco Releases Security Updates that Covers 16 Vulnerabilities that had Critical and High Impact

Cisco Released Security Updates for Multiple Vulnerabilities that Affected Cisco Products

Cisco Released Critical Security Updates for Vulnerabilities that Affected Cisco Products


Latest articles

Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools

AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create...

Multiple MySQL2 Flaw Let Attackers Arbitrary Code Remotely

The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code...

CoralRaider Hacker Evade Antivirus Detections Using Malicious LNK File

This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany,...

Spyroid RAT Attacking Android Users to Steal Confidential Data

A new type of Remote Access Trojan (RAT) named Spyroid has been identified.This...

Researchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor Analysts

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites...

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members...

IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles