Cisco.ASA.Admin.Config.File.Remote.Illegal.Access

description-logoDescription

This indicates an attempt of an authenticated user without root privilege to access or to modify Admin configuration file in Cisco Product running Cisco ASA Software with web management access enabled.
Due to an design error, an authenticated user without root privilege could exploit this to gain access to admin configuration file or to modify the content of the admin configuration file to perform privilege actions in a vulnerable system.

affected-products-logoAffected Products

Cisco Product running Cisco ASA Software with web management access enabled.

Impact logoImpact

Information Disclosure: remote attackers can gain sensitive information from vulnerable systems.
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest update from the vendor or refer to the vendor's web site for suggested workaround.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-06 14.627 Severity:medium:high
2019-01-11 14.522 Default_action:pass:drop
2018-12-27 13.514