Cisco fixes High-Severity bug in Secure Web Appliance

Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance.

Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control.

Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web Appliance.

An authenticated, remote attacker can exploit this issue to perform a command injection and elevate privileges to root.

“A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.” reads the advisory published by the IT giant. “This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.”

The root cause of the flaw is that user-supplied input to the web interface is not sufficiently validated.

An attacker can trigger the flaw by authenticating to the system and sending a crafted HTTP packet to the vulnerable device.

The vendor pointed out that to successfully exploit this vulnerability, an attacker would need at least read-only credentials.

The company recommends customers to upgrade to an appropriate fixed software release as indicated in the following table.

Cisco AsyncOS for Secure Web Appliance Release	First Fixed Release
Earlier than 12.5	Not vulnerable
12.5	Release no. TBD (Sep 2022)
14.0	Release no. TBD (Aug 2022)
14.5	14.5.0-537

At this time, there are no workarounds to address this issue, the good news is that Cisco is not aware of attacks exploiting this vulnerability in the wild.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.