June 3, 2023

Cisco has patched a high-severity escalation of privilege vulnerability in AsyncOS for Cisco Secure Web Appliance.

Cisco’s Secure Web Appliance is an enterprise protection solution designed to block risky sites and provide application visibility and control.

The flaw tracked as CVE-2022-20871can be exploited remotely to inject commands and escalate privileges to root, but requires authentication for successful exploitation.

The security bug exists because user-supplied input for the web interface is not sufficiently validated. The attacker needs to have at least read-only credentials to successfully exploit the issue.

Advertisements

Cisco has resolved the vulnerability with the release of AsyncOS for Secure Web Appliance version 14.5.0-537 and plans to release updates for versions 12.5 and 14.0 of the appliance as well.

There are no workarounds available to address the vulnerability and Cisco encourages customers to install the available patches as soon as possible and says it is not aware of this vulnerability being exploited in malicious attacks.

Tags:

Leave a Reply

You may have missed

Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
CasePoint Suffers a Data Breach

CasePoint Suffers a Data Breach

June 2, 2023
CyberArk Identity Security Web Browser

CyberArk Identity Security Web Browser

June 1, 2023
%d bloggers like this: