CSCvm53531 - Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability

lmg
Level 1

There doesn't seem to be a fix release for the 9.1 / 9.2 firmware trains on the matching Security Advisory for this bug (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc)... does anyone know if this is pending? Upgrading to 9.4.x is not an option for the ASA-5505 appliance as far as I understand, and the advisory makes no mention of the 5505 not being vulnerable.


st92
Cisco Employee

Hi lmg,

Yes, the fix for 9.1 is available in the 9.4 train, but this issue is only impacting when web management access is enabled, so you may use the workaround of enabling command authorization, which prevents exploitation of this vulnerability.


Enabling command authorization significantly changes the way that the Cisco ASA interprets privilege levels and authorizes actions. Before enabling the feature, administrators must clearly define which actions are allowed per privilege level using the privilege command in global configuration mode. Administrators should not enable command authorization using the aaa authorization command command until they have defined these actions.
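The workaround the reply describes, written out as an added ASA configuration example (this is not part of the original post, the reply, or Cisco's advisory text); the account names, the level-5 read-only policy and the placeholder passwords are assumptions for illustration:

```cisco
! Added example (not from the original thread): enabling command authorization
! on an ASA in the order the reply requires - define levels first, enable last.

! Step 1: define what each privilege level may do BEFORE turning authorization on.
! Assumed policy: level 5 = read-only operators, level 15 = full administrators.
privilege show level 5 mode exec command running-config
privilege show level 5 mode exec command interface
privilege show level 5 mode exec command logging
privilege cmd  level 5 mode exec command ping
privilege cmd  level 5 mode exec command packet-tracer
! Commands not listed keep their default levels; configuration commands default
! to level 15, so a level-5 user cannot enter configure mode or change the config.

! Step 2: local accounts with explicit privilege levels (passwords are placeholders).
username ops-ro   password <PLACEHOLDER> privilege 5
username netadmin password <PLACEHOLDER> privilege 15
enable password <PLACEHOLDER> level 15

! Step 3: authenticate every management path against the local database,
! including HTTPS/ASDM, which the reply identifies as the affected access path.
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL

! Step 4: only now enable command authorization. From this point each command
! is checked against the per-command levels from step 1.
aaa authorization command LOCAL

! Verification, done from a second session while the admin session stays open:
!   show curpriv                        -> effective privilege level of the caller
!   show running-config all privilege   -> the complete per-command level table
!   log in as ops-ro and run 'configure terminal' -> must be refused
```

Keep the original administrative session open until the level-5 and level-15 accounts have both been tested, since a mistake in step 1 can lock administrators out of configuration mode.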