Vulnerabilities > CVE-2018-0095 - Unspecified vulnerability in Cisco Asyncos 9.1.1005/9.7.2065
Summary
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco Bug IDs: CSCvb34303, CSCvb35726.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Nessus
NASL family CISCO NASL id CISCO-SA-20180117-ESA.NASL description According to its self-reported version, the Cisco Email Security Appliance (ESA) is affected by a privilege escalation vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. last seen 2020-06-01 modified 2020-06-02 plugin id 106400 published 2018-01-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106400 title Cisco Email Security Appliance Privilege Escalation Vulnerability code #TRUSTED 4e49409bf5c57bee360ab5ce693e929bb2aa960bec97396bc358768334ec756f23306adc0c10cec9751da5acd77fc57b88cfb77b47403f8b9e58a2723ebec5bea41156601f9bda4416a785feec14a5cc8c4452e92e688b8571b2ae68d386a03c54e08280cb75ab3f9c9d18b06d7f977ee5c488f567cbbf26a0b13c4993b134b503217de022eca657b7720a3fb3272c5adbfc3d2d1fae89b34022c993a36200945a7bf27f3aac907f3dbe4dafb719f7af6aef142b149fe47037137238f1bdf19029055e65cbd1f0a0d12a1c2a7923e9c97f83d72ae104fc5ea11b12730627cb30b29d7ce47f94bf7c1f3f1ca3a14a6bdc7b20bc990606b4666e9a574479bf34bba5ba68ebfcf8463121f65db0e6b31ae30324d6d58751d2b479c474be5cff317acf1508ec0ddacc326bf6b7ef0ab745e387d064aa80ac13eb2ba4bce40001c3ca8a556d1982437853fa818f7b148ed52bd31ba874cdf7fbb7b371881165b63ec84094a1c9ebdc6633ba6ff0b7d05377b94e4ba0e32570fcb8fb35906bc5d7fd5307d4ab527968d8ede89f713efdca122d8989b32890c9e421c088c47d413807f7911e4733197ee1c1221c5f7b4802644547fe50c6826b38a9d05e764f02d755235f38f19d24831a756421de2a9a4ce625e80037a8728cf568a70ce07777d3255cd5393bb145953d42d9a404b8e4cf64b13559b9dde22c1b290ee3e2838d0c323d # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(106400); script_version("1.7"); script_cvs_date("Date: 2019/12/20"); script_cve_id("CVE-2018-0095"); script_bugtraq_id(102729); script_xref(name:"CISCO-BUG-ID", value:"CSCvb34303"); script_xref(name:"CISCO-BUG-ID", value:"CSCvb35726"); script_xref(name:"CISCO-SA", value:"cisco-sa-2018117-esasma"); script_name(english:"Cisco Email Security Appliance Privilege Escalation Vulnerability"); script_summary(english:"Checks the Cisco Email Security Appliance (ESA) version."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Cisco Email Security Appliance (ESA) is affected by a privilege escalation vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?040af8d4"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb34303"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb35726"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20180117-esasma."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0095"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/26"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:email_security_appliance_firmware"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_esa_version.nasl"); script_require_keys("Host/AsyncOS/Cisco Email Security Appliance/Version"); exit(0); } include("audit.inc"); include("cisco_workarounds.inc"); include("ccf.inc"); product_info = cisco::get_product_info(name:"Cisco Email Security Appliance (ESA)"); vuln_list = [ {'min_ver' : '1.0.0.0', 'fix_ver' : '9.8.0.092'}, {'min_ver' : '10.0.0.0', 'fix_ver' : '10.0.1.087'} ]; if(product_info['version'] =~ "^[0-9]\.") fixed='9.8.0-092'; else fixed='10.0.1-087'; workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_HOLE, 'version', product_info['display_version'], 'fix', fixed ); cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_ranges:vuln_list);
NASL family CISCO NASL id CISCO-SA-20180117-SMA.NASL description According to its self-reported version, the Cisco Content Security Management Appliance (SMA) is affected by a privilege escalation vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. last seen 2020-06-01 modified 2020-06-02 plugin id 106401 published 2018-01-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106401 title Cisco Content Security Management Appliance Privilege Escalation Vulnerability code #TRUSTED 3289798919aa372b4e33c2f2a03c4ef677985cf16b8cffd386e8eef7000b6835d78a4659f061e7c4667658cb220047cd0c4d4325ce0beb8a3156fe52b01e37c6c2e50e48df0ad350fbe706113a602bed60598bb1965e09057d578ec06d4be30d05b7ce6bf0e2a79b0773d03208e0ea70e7f736d4090832f30ff6523b254607e2b8fc390b6fbe08437a7e2a058cc2da0acc9539e59728aa8740f7cbedda33cdacf25f59fdb28485b82dc159f36eb050e288936204a0f1dc8ba4b372de1b35365e5bb613262d453e8ef264b0730ec98ad4d0af5195489344abf785a7d8ab6f999c25de274c4fd43fe4fa369ff6ce08d286a497dc9c140ae9644fd37ce594f09c6ab5fe30e65152b76ab1829dde5d34d9f94479e7a0e8fd76337781f2df742a94c9a62fb16cfa10eacc3f7fbb4d81487188c4df679ea77e535353fcd432900be69491c45c2b0ab22c3885b8c716403c75d07c2b24b1523b060d6cd9c9000813d324f1bcaccada4d5ae96c3a9b51dab2230de7f7de5e684905aae70b59f6cba3e00a0f5c317f55f2135ca7b161fdcb134292e85ef1a926fbeedd3cbbebe9afaadc7ca4ecbb814f3899cd779e01825b478bfa17abda01e64a8ebe25c85d84d1f525046471d14c3cc38f1648a635974a98e612a791445d21cae636692befe54f8c71919ca7b73124f0a53236c19a1398881227371db6c404dd44ab249cdbc4b42564d0 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(106401); script_version("1.7"); script_cvs_date("Date: 2019/12/20"); script_cve_id("CVE-2018-0095"); script_bugtraq_id(102729); script_xref(name:"CISCO-BUG-ID", value:"CSCvb34303"); script_xref(name:"CISCO-BUG-ID", value:"CSCvb35726"); script_xref(name:"CISCO-SA", value:"cisco-sa-2018117-esasma"); script_name(english:"Cisco Content Security Management Appliance Privilege Escalation Vulnerability"); script_summary(english:"Checks the Cisco Content Security Management Appliance (SMA) version."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Cisco Content Security Management Appliance (SMA) is affected by a privilege escalation vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?040af8d4"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb34303"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb35726"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20180117-esasma."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0095"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/26"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:content_security_management_appliance"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_sma_version.nasl"); script_require_keys("Host/AsyncOS/Cisco Content Security Management Appliance/DisplayVersion", "Host/AsyncOS/Cisco Content Security Management Appliance/Version"); exit(0); } include("audit.inc"); include("cisco_workarounds.inc"); include("ccf.inc"); product_info = cisco::get_product_info(name:"Cisco Content Security Management Appliance (SMA)"); vuln_list = [ {'min_ver' : '1.0.0.0', 'fix_ver' : '11.0.0.115'} ]; workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_HOLE, 'version' , product_info['display_version'], 'fix' , '11.0.0-115' ); cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_ranges:vuln_list);
References
- http://www.securityfocus.com/bid/102729
- http://www.securityfocus.com/bid/102729
- http://www.securitytracker.com/id/1040221
- http://www.securitytracker.com/id/1040221
- http://www.securitytracker.com/id/1040222
- http://www.securitytracker.com/id/1040222
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma