Multiple vulnerabilities in Cisco Wide Area Application Services
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-0352 CVE-2018-0329 |
| CWE-ID | CWE-119 CWE-798 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Wide Area Application Services Server applications / Other server solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU13221
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0352
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local high-privileged ttacker to gain elevated privileges the target system.
The vulnerability exists n the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software due to insufficient validation of script files executed in the context of the Disk Check Tool. A local attacker with super user privileges (level 15) can replace one script file with a malicious script file while the affected tool is running, gain root-level privileges and take full control of the device.
MitigationUpdate to versions 6.4(3.66), 6.4(1c)12, 6.4(1b)9, 6.2(3e)40.
Cisco Wide Area Application Services: 6.2.3
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure (backdoor)
EUVDB-ID: #VU13222
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0329
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information the target system.
The vulnerability exists in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. A remote attacker can use a backdoor account and the static community string in SNMP version 2c queries and read any data that is accessible via SNMP.
Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config').
MitigationThe vulnerability is addressed in the following versions: 6.4(3.46), 6.4(1b)15, 6.2(3e)31.
Cisco Wide Area Application Services: 6.2.3 - 6.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
