Описание
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.
Уязвимость микропрограммного обеспечения межсетевого экрана Cisco Adaptive Security Appliance, связанная с ошибками процедуры авторизации, позволяющая нарушителю повысить свои привилегии
EPSS
8.1 High
CVSS3
5.5 Medium
CVSS2