Cisco Email Security Appliance on AsyncOS Administrative Shell access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Cisco Email Security Appliance and Content Security Management on AsyncOS. This impacts an unknown function of the component Administrative Shell. Performing a manipulation results in access control. This vulnerability is cataloged as CVE-2018-0095. The attack must be initiated from a local position. There is no exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Cisco Email Security Appliance and Content Security Management on AsyncOS (Anti-Malware Software) (version now known). It has been classified as critical. This affects some unknown processing of the component Administrative Shell. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco Bug IDs: CSCvb34303, CSCvb35726.
The bug was discovered 01/17/2018. The weakness was shared 01/18/2018 (Website). The advisory is shared at securitytracker.com. This vulnerability is uniquely identified as CVE-2018-0095 since 11/27/2017. An attack has to be approached locally. Required for exploitation is a authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 106400 (Cisco Email Security Appliance Privilege Escalation Vulnerability), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316233 (Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability (cisco-sa-20180117-esasma)).
Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (106400) and SecurityFocus (BID 102729†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.6
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 106400
Nessus Name: Cisco Email Security Appliance Privilege Escalation Vulnerability
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/27/2017 🔍01/17/2018 🔍
01/17/2018 🔍
01/17/2018 🔍
01/18/2018 🔍
01/18/2018 🔍
01/19/2018 🔍
01/26/2018 🔍
02/01/2021 🔍
Sources
Vendor: cisco.comAdvisory: securitytracker.com⛔
Status: Not defined
Confirmation: 🔍
CVE: CVE-2018-0095 (🔍)
GCVE (CVE): GCVE-0-2018-0095
GCVE (VulDB): GCVE-100-112209
SecurityFocus: 102729 - Cisco Email Security and Content Security Management Local Privilege Escalation Vulnerability
SecurityTracker: 1040221
Entry
Created: 01/19/2018 07:49Updated: 02/01/2021 10:13
Changes: 01/19/2018 07:49 (69), 12/24/2019 08:39 (5), 02/01/2021 10:13 (2)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.