Cisco Web Security Appliance Account Management Subsystem access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.1 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in Cisco Web Security Appliance. This impacts an unknown function of the component Account Management Subsystem. The manipulation leads to access control. This vulnerability is referenced as CVE-2018-0428. The attack can only be performed from a local environment. No exploit is available. It is suggested to install a patch to address this issue.
Details
A vulnerability was found in Cisco Web Security Appliance (Anti-Malware Software) (the affected version is unknown) and classified as critical. This issue affects an unknown code of the component Account Management Subsystem. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548.
The bug was discovered 08/15/2018. The weakness was published 08/15/2018 as cisco-sa-20180815-wsa-escalati as confirmed advisory (Website). The advisory is shared at tools.cisco.com. The identification of this vulnerability is CVE-2018-0428 since 11/26/2017. An attack has to be approached locally. A simple authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 112122 (Cisco Web Security Appliance Privilege Escalation Vulnerability.), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316308 (Cisco Web Security Appliance Privilege Escalation Vulnerability(cisco-sa-20180815-wsa-escalation)).
Applying a patch is able to eliminate this problem. A possible mitigation has been published 2 hours after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (112122) and SecurityFocus (BID 105104†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.1
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.7
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 112122
Nessus Name: Cisco Web Security Appliance Privilege Escalation Vulnerability.
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
11/26/2017 🔍08/15/2018 🔍
08/15/2018 🔍
08/15/2018 🔍
08/15/2018 🔍
08/15/2018 🔍
08/16/2018 🔍
08/27/2018 🔍
05/02/2023 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20180815-wsa-escalati
Status: Confirmed
CVE: CVE-2018-0428 (🔍)
GCVE (CVE): GCVE-0-2018-0428
GCVE (VulDB): GCVE-100-122945
SecurityFocus: 105104 - Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
SecurityTracker: 1041536
Entry
Created: 08/16/2018 06:21Updated: 05/02/2023 10:00
Changes: 08/16/2018 06:21 (69), 03/16/2020 08:08 (5), 05/02/2023 10:00 (4)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.