SB2021050612 - Privilege escalation in Cisco AsyncOS for Cisco Content Security Management Appliance (SMA)




Published: May 6, 2021

Security Bulletin ID: SB2021050612
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Privilege Management (CVE-ID: CVE-2021-1447)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to a procedural flaw in the password generation algorithm. A local user can enable specific Administrator-only features and connect to the appliance through the CLI with elevated privileges.

Successful exploitation of the vulnerability may allow execution of arbitrary code with root privileges.


Remediation

Install the update from the vendor's website.