Cisco Secure Firewall ASA SCP Unauthorized File Access Vulnerability in Multiple Context Mode

A vulnerability exists in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software when multiple context mode is enabled. It allows an authenticated, local attacker with administrative privileges in one context to transfer files to or from another context, including configuration files. This issue arises from inadequate access controls for Secure Copy Protocol (SCP) operations with the Cisco SSH stack enabled. An attacker could exploit this by authenticating to a non-admin context and sending crafted SCP commands. Successful exploitation could enable the attacker to read, create, or overwrite sensitive files in another context, including admin and system files. However, this vulnerability does not directly affect the availability of services in other contexts.

Impact

Exploitation of this vulnerability could lead to unauthorized access and modification of files across different contexts, potentially allowing sensitive information to be read or altered.

Remediation

To address this vulnerability, Cisco recommends upgrading to a fixed software release. For guidance on which release to upgrade to, consult the Cisco Software Checker tool, which identifies vulnerabilities and the earliest fixed release. Instructions for using the Cisco Software Checker are available in the advisory.