Cisco this week released patches for high-severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks.
Two security holes were addressed in Business Process Automation (BPA), both featuring a CVSS score of 8.8. An authenticated, remote attacker able to exploit these could elevate their privileges to administrator, Cisco warned in an advisory.
The issues exist because authorization isn’t properly enforced for specific features and for access to log files containing sensitive information.
Tracked as CVE-2021-1574, the first vulnerability could be exploited by sending crafted HTTP messages to a vulnerable system, which would allow an attacker to perform unauthorized actions as administrator.
While a legitimate user maintains an active session on a vulnerable system, an attacker could exploit the second vulnerability – CVE-2021-1576 – to retrieve sensitive data from log files. The attacker could then use that data to impersonate a privileged user.
Cisco BPA versions earlier than release 3.1 are affected. There are no workarounds to mitigate these vulnerabilities and users are advised to update to a patched version as soon as possible.
Tracked as CVE-2021-1359, the vulnerability affecting AsyncOS for Web Security Appliance (WSA) could be exploited by an authenticated, remote attacker to inject commands and gain root privileges.
The issue has a CVSS score of 6.3, given that successful exploitation of the bug requires for the attacker to have valid credentials for a user account that has the rights to upload configuration files.
Both virtual and hardware AsyncOS for WSA appliances are affected and no workaround exists, Cisco says. Customers are advised to update to AsyncOS for WSA versions 12.0.3-005 or 12.5.2 (maintenance release set to arrive within the next few days), which include patches for the bug.
Cisco says it is not aware of any of these vulnerabilities being exploited in the wild.
This week, the company also published details on a series of medium risk vulnerabilities identified in SD-WAN, Virtualized Voice Browser, Identity Services Engine (ISE), Video Surveillance 7000 Series IP cameras, BroadWorks Application Server, and Adaptive Security Device Manager (ASDM) Launcher.
Additionally, the company confirmed that multiple Cisco products are affected by a security hole in the TrustZone implementation in certain Broadcom MediaxChange firmware. Exploitation of the bug requires physical access to the affected devices and for the attacker to dismount the backplate to trigger impulses on the chipset.
Information on all of these vulnerabilities is available on Cisco’s security portal.
Related: XSS Vulnerability in Cisco Security Products Exploited in the Wild
Related: Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN
Related: Cisco Patches Critical Flaws in SD-WAN, HyperFlex HX Products