Cisco Bug: CSCvj93548 - Cisco Web Security Appliance Privilege Escalation Vulnerability
Mar 24, 2020
- Cisco Web Security Appliance
Known Affected Releases
11.0.0-FCS-250 11.5.0-FCS-000 WSA10.0.0-959 WSA10.5.0-FCS-000
Symptom: A vulnerability in account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privilege to root in a separate login shell. An exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation Conditions: Please refer to the advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases