11-20-2019 06:06 AM - edited 02-21-2020 09:42 AM
It stated: A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.
In my environment, we only have admin users with read/write access. No one has read-only access. Does it mean this security vulnerability does not apply in my environment?
TIA
11-20-2019 06:34 PM
Even though a user is an authenticated administrator, the issue is that any Lua code should not be allowed to affect the underlying Linux. There is also the use case of compromised credentials. So you still have the vulnerability.
Whether or not it is a significant concern to you depends on your security posture and possibly external requirements (such as compliance, auditors, legal, etc.).
11-22-2019 06:42 AM
@Marvin Rhoads wrote: Even though a user is an authenticated administrator, the issue is that any Lua code should not be allowed to affect the underlying Linux. There is also the use case of compromised credentials. So you still have the vulnerability.
Whether or not it is a significant concern to you depends on your security posture and possibly external requirements (such as compliance, auditors, legal, etc.).
Well, I opened a TAC case with Cisco and TAC responded to me, in writing, that I am not vulnerable in my environment. This vulnerability only exists when you have an environment with both read-only and read/write users. In an environment where you only have read/write admin users, it does not apply.