Pierluigi Paganini
August 19, 2022
Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control.
Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web Appliance.
An authenticated, remote attacker can exploit this issue to perform a command injection and elevate privileges to root.
“A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.” reads the advisory published by the IT giant. “This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.”
The root cause of the flaw is that user-supplied input to the web interface is not sufficiently validated.
An attacker can trigger the flaw by authenticating to the system and sending a crafted HTTP packet to the vulnerable device.
The vendor pointed out that to successfully exploit this vulnerability, an attacker would need at least read-only credentials.
The company recommends customers to upgrade to an appropriate fixed software release as indicated in the following table.
| Cisco AsyncOS for Secure Web Appliance Release | First Fixed Release |
|---|---|
| Earlier than 12.5 | Not vulnerable |
| 12.5 | Release no. TBD (Sep 2022) |
| 14.0 | Release no. TBD (Aug 2022) |
| 14.5 | 14.5.0-537 |
At this time, there are no workarounds to address this issue, the good news is that Cisco is not aware of attacks exploiting this vulnerability in the wild.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Cisco)
[adrotate banner=”5″]
[adrotate banner=”13″]
