CVE-2018-0095: Cisco AsyncOS vulnerability

CWE-264 | 14 documents | 5 sources
Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 75.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 18
Latest update: May 13

Description

A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authe

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD: cisco/asyncos 9.1.1-005, 9.7.2-065 +1

🔴 Vulnerability Details (2)

GHSA (2022-05-13)
GHSA-24rf-59x9-98x7: A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) c
CVEList (2018-01-18)
CVE-2018-0095: A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) c

📋 Vendor Advisories (1)

Cisco (2018-01-18)
Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability

💬 Community (3)

Bugzilla (2018-01-15)
CVE-2018-2629 OpenJDK: GSS context use-after-free (JGSS, 8186212)
Bugzilla (2018-01-15)
CVE-2018-2582 OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962)
Bugzilla (2018-01-15)
CVE-2018-2602 OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
CVE-2018-0095 — Cisco Asyncos vulnerability | cvebase