Cisco BPA, WSA Bugs Allow Remote Cyberattacks

2021-07-09 17:31

A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation application and Cisco's Web Security Appliance and could allow authenticated, remote attackers to access sensitive data or take over a targeted system.

The first two bugs exist in the web-based management interface of the Cisco Business Process Automation, which is used to streamline various IT processes.

The flaws, which both rate 8.8 out of 10 on the CVSS vulnerability-severity scale, could allow an authenticated, remote attacker to elevate privileges to administrator-level.

The vulnerabilities affect Cisco BPA releases earlier than Release 3.1.

The issue exists in the configuration management of the Cisco AsyncOS operating system that powers the WSA. According to Cisco's advisory, it could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.

These are just the latest patches that Cisco has issued; last month, it patched several high-severity security vulnerabilities in its Small Business 220 Series Smart Switches, which are intro-level networking gear for SMBs. The flaws could allow remote attacks designed to steal information, drop malware and disrupt operations, via session hijacking, arbitrary code execution, cross-site scripting and HTML injection.

News URL

https://threatpost.com/cisco-bpa-wsa-bugs-cyberattacks/167654/

#cisco #cyberattack

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4448	233	3127	1874	610	5844