Multiple vulnerabilities in Cisco Web Security Appliance
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-0428 CVE-2018-0410 |
| CWE-ID | CWE-264 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco Web Security Appliance Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU14427
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0428
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the account management subsystem of Cisco Web Security Appliance (WSA) due to improper implementation of access controls. A local attacker can authenticate to the device, escape the CLI subshell and execute system-level commands on the underlying operating system as root.
MitigationThe vulnerability has been fixed in the versions 10.1.3-054, 10.5.2-072.
Vulnerable software versionsCisco Web Security Appliance: 10.0.0 959 - 11.5.0 FCS 000
CPE2.3- cpe:2.3:a:cisco_systems:cisco_web_security_appliance:10.0.0 959:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_web_security_appliance:10.5.0 FCS 000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_web_security_appliance:11.0.0 FCS 250:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU14428
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-0410
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances due to improper management of memory resources for TCP connections. A remote attacker can establish a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6, exhaust system memory and cause the system to stop processing new connections.
MitigationThe vulnerability has been fixed in the versions 11.5.0-614, 10.5.2-061, 10.1.3-054.
Cisco Web Security Appliance: 9.1.1 074 - 11.0.0 641
CPE2.3- cpe:2.3:a:cisco_systems:cisco_web_security_appliance:9.1.1 074:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_web_security_appliance:9.1.2 010:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_web_security_appliance:9.1.2 022:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
