
Cisco ASA software vulnerability

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: CIS


Cisco Security Advisory: Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20181219-asa-privesc

Revision: 1.0

For Public Release: 2018 December 19 16:00 GMT

Last Updated: 2018 December 19 16:00 GMT

CVE ID(s): CVE-2018-15465

CVSS Score v(3): 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface.

The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc



Author: Toni Vugdelija
CERT ID: NCERT-REF-2018-12-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe