CVE-2018-0095

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco Bug IDs: CSCvb34303, CSCvb35726.

Una vulnerabilidad en el shell administrativo de Cisco AsyncOS en Cisco Email Security Appliance (ESA) y Content Security Management Appliance (SMA) podría permitir que un atacante local autenticado escale su nivel de privilegios y obtenga acceso root. El atacante necesita tener credenciales de usuario válidas con al menos un nivel de privilegios de un usuario invitado. La vulnerabilidad se debe a una configuración de red incorrecta en la interfaz de línea de comandos shell administrativa. Un atacante podría explotar esta vulnerabilidad autenticándose en el dispositivo objetivo y enviando una serie de comandos manipulados maliciosamente a un shell administrativo. Un exploit podría permitir que un atacante obtenga acceso root al dispositivo. Cisco Bug IDs: CSCvb34303, CSCvb35726.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-01-18 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/102729	Third Party Advisory
http://www.securitytracker.com/id/1040221	Third Party Advisory
http://www.securitytracker.com/id/1040222	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Asyncos Search vendor "Cisco" for product "Asyncos"				9.1.1-005 Search vendor "Cisco" for product "Asyncos" and version "9.1.1-005"		-		Affected
Cisco Search vendor "Cisco"		Asyncos Search vendor "Cisco" for product "Asyncos"				9.7.2-065 Search vendor "Cisco" for product "Asyncos" and version "9.7.2-065"		-		Affected