Cisco Bug: CSCuo94842 - Cisco ASA-CX and Cisco PRSM Privilege Escalation Vulnerability

Last Modified

Aug 10, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

9.2(1.3.11) 9.3(4.1.11)

Description (partial)

Symptom:

A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager (PRSM) could allow an authenticated, remote attacker to change the password of any user on the system.

Full advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm 


Conditions:

The vulnerability exists because the password change request is not fully qualified. An authenticated attacker with a user role other than Administrator could exploit this vulnerability by sending a specially crafted HTTP request to the Cisco PRSM. An exploit could allow the attacker to change the password of any user on the system, including users with the Administrator role.

All versions of Cisco ASA-CX Content-Aware Security and Cisco PRSM software prior to 9.3.1.1(112) are affected by this vulnerability. 
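
A server-side authorization check for a password-change operation of the kind the Conditions text describes, as an added example that is not Cisco's code and is not taken from the advisory. It assumes the handler receives the target account in the request and the caller's identity from the authenticated session; the function names, sample accounts and the "Reporting" role are hypothetical.

```python
import hashlib
import hmac
import os

ADMIN_ROLE = "Administrator"  # role name as used in the advisory text


class Forbidden(Exception):
    """Raised when the session user may not change the target's password."""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def make_user(role: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "hash": hash_password(password, salt)}


def check_password(user: dict, password: str) -> bool:
    return hmac.compare_digest(user["hash"], hash_password(password, user["salt"]))


def change_password(store, session_user, target, new_password, current_password=None):
    """Authorize against the authenticated session, never against request fields.

    session_user comes from the server-side session; target is the account
    named in the request and is treated as untrusted input (assumed design).
    """
    actor = store.get(session_user)
    if actor is None or target not in store:
        raise Forbidden("unknown account")
    if session_user == target:
        # Self-service change: require proof of the current password.
        if current_password is None or not check_password(actor, current_password):
            raise Forbidden("current password required")
    elif actor["role"] != ADMIN_ROLE:
        # Changing another user's password is reserved for Administrator,
        # and the role is read from the server-side store, not the request.
        raise Forbidden(f"{session_user} may not change {target}'s password")
    store[target] = make_user(store[target]["role"], new_password)


def sample_store() -> dict:
    # Constructed sample accounts; "Reporting" is a hypothetical non-admin role.
    return {
        "alice": make_user(ADMIN_ROLE, "alice-old"),
        "bob": make_user("Reporting", "bob-old"),
    }
```

Logging each `Forbidden` outcome with the session user and the requested target gives operations a record of cross-account password-change attempts by non-Administrator roles.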
