#VU52906 Improper Privilege Management in Cisco AsyncOS for Cisco Content Security Management Appliance - CVE-2021-1447


Published: May 6, 2021


Vulnerability identifier: #VU52906
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1447
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Cisco AsyncOS for Cisco Content Security Management Appliance
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to a procedural flaw in the password generation algorithm. A local user can enable specific Administrator-only features and connect to the appliance through the CLI with elevated privileges.

Successful exploitation of the vulnerability may allow execution of arbitrary code with root privileges.


Remediation

Install updates from the vendor's website.

External links