QID 317295
Date Published: 2023-03-29
QID 317295: Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager (SMA) Privilege Escalation Vulnerability (cisco-sa-esa-sma-privesc-9DVkFpJ8)
A vulnerability in the web UI and CLI of Cisco ESA and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker (web UI) or authenticated, local attacker (CLI) to elevate privileges to root. The attacker must have valid user credentials with Operator-level privileges or higher.
Affected Products
Earlier than 12.5 and Prior to 12.5.4-041
13.0 Prior to 13.0.5-007
13.5 Prior to 13.5.4-038
14.0 Prior to 14.2.1-020
14.3 Prior to 14.3.0-032
Secure Email and Web Manager:
Earlier than 12.8
12.8 Prior to 12.8.1-021
13.8 Prior to 13.8.1-108
14.0 Prior to 14.2.0-224
14.3 Prior to 14.3.0-120
QID Detection Logic (Authenticated):
The check matches Cisco ESA OS version retrieved via Unix Auth using "version" command.
A successful exploit could allow the attacker to execute commands as root.
Customers are advised to refer to cisco-sa-esa-sma-privesc-9DVkFpJ8 for more information.
- cisco-sa-esa-sma-privesc-9DVkFpJ8 -
sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8
CVEs related to QID 317295
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-esa-sma-privesc-9DVkFpJ8 |
sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8 |