Vulnerabilities > CVE-2021-1447 - Improper Privilege Management vulnerability in Cisco Content Security Management Appliance

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cisco

CWE-269

NVD

Published: 2021-05-06

Updated: 2023-11-07

Summary

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Content Security Management Appliance 13.0.0-249 Cisco Content Security Management Appliance 13.5.0-114 Cisco Content Security Management Appliance 13.5.0-117 Cisco Content Security Management Appliance 13.6.0 Cisco Content Security Management Appliance 13.6.0-157 Cisco Content Security Management Appliance 13.6.1-193 Cisco Content Security Management Appliance 13.6.1-201 Cisco Content Security Management Appliance 13.6.2-023 Cisco Content Security Management Appliance - Cisco Content Security Management Appliance 8.3.6-039 Cisco Content Security Management Appliance 9.1.0 Cisco Content Security Management Appliance 9.1.0-031 Cisco Content Security Management Appliance 9.1.0-31 Cisco Content Security Management Appliance 9.1.0-033 Cisco Content Security Management Appliance 9.1.0-103 Cisco Content Security Management Appliance 9.5.0 Cisco Content Security Management Appliance 9.6.0 Cisco Content Security Management Appliance 9.6.6-068 Cisco Content Security Management Appliance 9.7.0-006 Cisco Content Security Management Appliance 10.0.0-203 Cisco Content Security Management Appliance 10.1.0-037 Cisco Content Security Management Appliance 10.1.0-049 Cisco Content Security Management Appliance 11.4.0-812 Cisco Content Security Management Appliance 12.0 Cisco Content Security Management Appliance 12.0.1 Cisco Content Security Management Appliance 12.5.0 Cisco Content Security Management Appliance 12.5.0-436	27

Common Weakness Enumeration (CWE)

CWE-269 - Improper Privilege Management

Common Attack Pattern Enumeration and Classification (CAPEC)

Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-priv-esc-JJ8zxQsC