Privilege escalation in Cisco Adaptive Security Appliance

1) Privilege escalation

EUVDB-ID: #VU16625

Risk: Low

CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-15465

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated but unprivileged attacker to gain elevated privileges on the target system.

The vulnerability exists in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software due to improper validation of user privileges when using the web management interface. A remote attacker can send specific HTTP requests via HTTPS to an affected device, retrieve files (including the running configuration) from the device or to upload and replace software images on the device with elevated privileges.

Mitigation

The vulnerability has been addressed in the versions 9.4.4.29, 9.6.4.20, 9.8.3.18, 9.9.2.36, 9.10.1.7.

Vulnerable software versions

Cisco Adaptive Security Appliance (ASA): 9.1 - 9.10

CPE2.3

• cpe:2.3:h:cisco_systems:asa:9.1:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.2:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.3:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.4:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.5:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.6:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.7:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.8:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.9:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:asa:9.10:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.