Cisco fixes High-Severity bug in Secure Web Appliance

Cisco fixes High-Severity bug in Secure Web Appliance

Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance.

Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control.

Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web Appliance.

An authenticated, remote attacker can exploit this issue to perform a command injection and elevate privileges to root.

Cisco Secure Web Appliance

“A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.” reads the advisory published by the IT giant. “This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.”

The root cause of the flaw is that user-supplied input to the web interface is not sufficiently validated.

An attacker can trigger the flaw by authenticating to the system and sending a crafted HTTP packet to the vulnerable device.

The vendor pointed out that to successfully exploit this vulnerability, an attacker would need at least read-only credentials.

The company recommends customers to upgrade to an appropriate fixed software release as indicated in the following table.

Cisco AsyncOS for Secure Web Appliance Release First Fixed Release
Earlier than 12.5 Not vulnerable
12.5 Release no. TBD (Sep 2022)
14.0 Release no. TBD (Aug 2022)
14.5 14.5.0-537

At this time, there are no workarounds to address this issue, the good news is that Cisco is not aware of attacks exploiting this vulnerability in the wild.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)




Leave a Reply

Your email address will not be published.