cnvd - cnvd-2018-16179

CNVD-2018-16179

Vulnerability from cnvd - Published: 2018-08-23

Title

Cisco Web Security Appliance权限提升漏洞（CNVD-2018-16179）

Description

Cisco Web Security Appliance（WSA）是美国思科（Cisco）公司的一套Web安全设备。该设备提供基于SaaS的访问控制、实时网络报告和追踪、制定安全策略等功能。 Cisco Web Security Appliance (WSA)的帐户管理子系统存在权限提升漏洞。该漏洞源于访问控制实现不当。本地认证攻击者可利用该漏洞将权限提升到root，从而可转义CLI subshell并以root身份在底层操作系统上执行系统级命令。

Severity

高

Patch Name

Cisco Web Security Appliance权限提升漏洞（CNVD-2018-16179）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-0428

Impacted products

Name
['Cisco Web Security Appliance 11.5.0-FCS-000', 'Cisco Web Security Appliance 11.0.0-FCS-250', 'Cisco Web Security Appliance 10.5.0-FCS-000', 'Cisco Web Security Appliance 10.0.0-959']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105104"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0428"
    }
  },
  "description": "Cisco Web Security Appliance\uff08WSA\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u63d0\u4f9b\u57fa\u4e8eSaaS\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u5b9e\u65f6\u7f51\u7edc\u62a5\u544a\u548c\u8ffd\u8e2a\u3001\u5236\u5b9a\u5b89\u5168\u7b56\u7565\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Web Security Appliance (WSA)\u7684\u5e10\u6237\u7ba1\u7406\u5b50\u7cfb\u7edf\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u63a7\u5236\u5b9e\u73b0\u4e0d\u5f53\u3002\u672c\u5730\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6743\u9650\u63d0\u5347\u5230root\uff0c\u4ece\u800c\u53ef\u8f6c\u4e49CLI subshell\u5e76\u4ee5root\u8eab\u4efd\u5728\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u7cfb\u7edf\u7ea7\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-16179",
  "openTime": "2018-08-23",
  "patchDescription": "Cisco Web Security Appliance\uff08WSA\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002\u8be5\u8bbe\u5907\u63d0\u4f9b\u57fa\u4e8eSaaS\u7684\u8bbf\u95ee\u63a7\u5236\u3001\u5b9e\u65f6\u7f51\u7edc\u62a5\u544a\u548c\u8ffd\u8e2a\u3001\u5236\u5b9a\u5b89\u5168\u7b56\u7565\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Web Security Appliance (WSA)\u7684\u5e10\u6237\u7ba1\u7406\u5b50\u7cfb\u7edf\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u63a7\u5236\u5b9e\u73b0\u4e0d\u5f53\u3002\u672c\u5730\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6743\u9650\u63d0\u5347\u5230root\uff0c\u4ece\u800c\u53ef\u8f6c\u4e49CLI subshell\u5e76\u4ee5root\u8eab\u4efd\u5728\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u7cfb\u7edf\u7ea7\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Web Security Appliance\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-16179\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Web Security Appliance 11.5.0-FCS-000",
      "Cisco Web Security Appliance 11.0.0-FCS-250",
      "Cisco Web Security Appliance 10.5.0-FCS-000",
      "Cisco Web Security Appliance 10.0.0-959"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0428",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-16",
  "title": "Cisco Web Security Appliance\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-16179\uff09"
}

CVE-2018-0428 (GCVE-0-2018-0428)

Vulnerability from cvelistv5 – Published: 2018-08-15 20:00 – Updated: 2024-11-26 14:46

Summary

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548.

Severity ?

No CVSS data available.

CWE

CWE-284

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/105104	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1041536	vdb-entryx_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco Systems, Inc.	Web Security Appliance	Affected: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:09.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105104",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105104"
          },
          {
            "name": "1041536",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041536"
          },
          {
            "name": "20180815 Cisco Web Security Appliance Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:51:54.504042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:46:37.413Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Security Appliance",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "105104",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105104"
        },
        {
          "name": "1041536",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041536"
        },
        {
          "name": "20180815 Cisco Web Security Appliance Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-08-15T00:00:00",
          "ID": "CVE-2018-0428",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Web Security Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unspecified"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105104",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105104"
            },
            {
              "name": "1041536",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041536"
            },
            {
              "name": "20180815 Cisco Web Security Appliance Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-escalation"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0428",
    "datePublished": "2018-08-15T20:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:46:37.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-16179

CVE-2018-0428 (GCVE-0-2018-0428)

Tags

Sightings

Nomenclature