cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
992
Views
0
Helpful
1
Replies
Rathsach
Beginner

Cisco Security Advisory - Local attacker

With reference to this advisory : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman-cmd-injection

It says "A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker.......". Keywords being "local attacker"

Definition of "Local" according to cvss v3 specs: https://www.first.org/cvss/v3.0/specification-document

"A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file."

 

How would you describe a "local attacker" from that given advisory i linked to, considering the cvss definitions? Example would be nice.

1 REPLY 1
Seb Rupik
VIP Advisor

Hi there,

If we take a 'network' attacker to mean the source of the attack is remote to the device being targeted, then a 'local' attacker is sourced from the device itself which is being attacked.

 

As the vulnerability states, it is an authenticated user issuing CLI commands, which implies they have logged onto the system. By issuing CLI commands to the system itself they are able to exploit the vulnerability.

 

cheers,

Seb.

Content for Community-Ad