Cisco AsyncOS Privilege Escalation Vulnerability in Secure Email and Web Products

A vulnerability exists in the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance. This vulnerability allows an authenticated, local attacker to elevate privileges to root. The issue arises from a flaw in the password generation algorithm for remote access, enabling an attacker to create a temporary password for the service account. Exploitation of this vulnerability could lead to the execution of arbitrary commands as root and access to the underlying operating system.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to root, enabling the execution of arbitrary commands with root privileges and access to the underlying operating system.

Remediation

Cisco has released software updates to address this vulnerability. For Cisco Secure Email and Web Manager, users should upgrade to version 15.5.3-017 or 16.0.1-010. For Cisco Secure Email Gateway, the recommended versions are 15.5.3-024 or 16.0.1-019. Cisco Secure Web Appliance users should upgrade to version 15.2.2-009. Instructions for upgrading are available in the Cisco Security Vulnerability Policy.