Cisco BPA, WSA Bugs Allow Remote Cyberattacks
2021-07-09 17:31

A set of high-severity privilege-escalation vulnerabilities affecting the Business Process Automation application and Cisco's Web Security Appliance could allow authenticated, remote attackers to access sensitive data or take over a targeted system.

The first two bugs exist in the web-based management interface of the Cisco Business Process Automation, which is used to streamline various IT processes.

The flaws, which both rate 8.8 out of 10 on the CVSS vulnerability-severity scale, could allow an authenticated, remote attacker to elevate privileges to administrator-level.

The vulnerabilities affect Cisco BPA releases earlier than Release 3.1.

The WSA issue exists in the configuration management of the Cisco AsyncOS operating system that powers the WSA. According to Cisco's advisory, it could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.

These are just the latest patches that Cisco has issued; last month, it patched several high-severity security vulnerabilities in its Small Business 220 Series Smart Switches, which are intro-level networking gear for SMBs. The flaws could allow remote attacks designed to steal information, drop malware and disrupt operations, via session hijacking, arbitrary code execution, cross-site scripting and HTML injection.


News URL

https://threatpost.com/cisco-bpa-wsa-bugs-cyberattacks/167654/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751