Rewterz Threat Advisory – CVE-2018-15465 – Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability

SEVERITY: Medium

CATEGORY: Vulnerability

 

 

ANALYSIS SUMMARY

 

This vulnerability could allow an authenticated but unprivileged (levels 0 and 1) user to perform privileged actions when command authorization is disabled on the Cisco ASA.

When command authorization is not enabled, the ASA distinguishes only between unprivileged (levels 0 and 1) and privileged (levels 2 through 15) users. Privileged (levels 2 through 15) users are expected to have full administrative access to the ASA via the web management interface, even without knowing the enable password. Command authorization is disabled on the ASA by default.

 

An attacker could exploit the flaw by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user.

IMPACT

Remote privilege escalation: attackers can read or write files on the system, overwrite firmware, and create new users.

 

 

AFFECTED PRODUCTS

 

Cisco ASA 5500-X Series Firewall 9.9 (2)
Cisco ASA 9.1
Cisco ASA 9.2
Cisco ASA 9.3
Cisco ASA 9.4
Cisco ASA 9.5
Cisco ASA 9.6
Cisco ASA 9.7
Cisco ASA 9.8
Cisco ASA 9.9
Cisco ASA 9.10

 

 

REMEDIATION

Enabling command authorization prevents exploitation of this vulnerability.
The vendor has released updates/patches for this vulnerability.
Customers are advised to migrate to a supported release (9.4.4.29, 9.6.4.20, 9.8.3.18, 9.9.2.36, or 9.10.1.7).
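
The two remediation conditions above can be checked against a device's version string and saved configuration. The following is an added example, not part of the original advisory or Cisco's tooling: the function names and the sample configuration are constructed for illustration, and it assumes command authorization appears in the configuration as an `aaa authorization command ...` line.

```python
import re

# Fixed releases per train, taken from the REMEDIATION section of this advisory.
FIXED = {(9, 4): (9, 4, 4, 29), (9, 6): (9, 6, 4, 20), (9, 8): (9, 8, 3, 18),
         (9, 9): (9, 9, 2, 36), (9, 10): (9, 10, 1, 7)}
# Affected trains with no in-train fix listed; the advisory says to migrate.
MIGRATE = {(9, 1), (9, 2), (9, 3), (9, 5), (9, 7)}

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-asa
http server enable
aaa authentication http console LOCAL
username helpdesk password ***** privilege 1
"""

def parse_version(text):
    """Accept '9.8(3)18' (show version style) or '9.8.3.18'; pad to 4 fields."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    return tuple((nums + [0, 0, 0, 0])[:4])

def patch_status(version):
    """Classify a version as fixed, vulnerable, migrate, or unlisted."""
    v = parse_version(version)
    train = v[:2]
    if train in FIXED:
        return "fixed" if v >= FIXED[train] else "vulnerable"
    if train in MIGRATE:
        return "migrate"
    return "unlisted"  # train not named in this advisory

def command_authorization_enabled(config):
    """True if a non-negated 'aaa authorization command ...' line is present."""
    return any(re.match(r"aaa authorization command\s+\S+", line.strip())
               for line in config.splitlines())

def assess(version, config):
    """Combine patch level and the command-authorization mitigation."""
    status = patch_status(version)
    if status in ("fixed", "unlisted"):
        return "patched" if status == "fixed" else "unlisted"
    if command_authorization_enabled(config):
        return "mitigated"  # workaround in place; upgrade is still advised
    return "exposed"

if __name__ == "__main__":
    for ver in ("9.8(2)20", "9.9(2)36", "9.7(1)4"):
        print(ver, assess(ver, SAMPLE_CONFIG))
```

A result of "mitigated" means only that the workaround line is present; the advisory still directs customers to move to a fixed release.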

 

If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.