SB2018060714 - Multiple vulnerabilities in Cisco Wide Area Application Services
Published: June 7, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-0352)
The vulnerability allows a local high-privileged ttacker to gain elevated privileges the target system.
The vulnerability exists n the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software due to insufficient validation of script files executed in the context of the Disk Check Tool. A local attacker with super user privileges (level 15) can replace one script file with a malicious script file while the affected tool is running, gain root-level privileges and take full control of the device.
2) Information disclosure (backdoor) (CVE-ID: CVE-2018-0329)
The vulnerability allows a remote attacker to obtain potentially sensitive information the target system.
The vulnerability exists in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. A remote attacker can use a backdoor account and the static community string in SNMP version 2c queries and read any data that is accessible via SNMP.
Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config').
Remediation
Install update from vendor's website.