Networking-Forums.com

Professional Discussions => Security => Topic started by: deanwebb on December 19, 2018, 01:59:14 PM

Title: Fix Your ASAs - HTTP Escalation Vuln.
Post by: deanwebb on December 19, 2018, 01:59:14 PM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface.

The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: Otanx on December 19, 2018, 03:31:03 PM
Thankfully I only have privileged authenticated users. priv-lvl 15 for life.

-Otanx
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: Dieselboy on December 19, 2018, 10:01:35 PM
grr. I sometimes use local auth for RA VPN authentication.
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: icecream-guy on December 20, 2018, 09:01:02 AM
secure your devices

http server enable
http 0.0.0.0 0.0.0.0 Outside

This is BAD!
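
An added example, not part of the thread or of Cisco's advisory: a small audit of a saved running-config for the exposure discussed in this thread, i.e. the web management interface enabled with an any-source `http` rule, or enabled with no `aaa authentication http console` line. The sample configs, the interface name `mgmt`, the addresses and the `max_hosts` threshold are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample running-config fragments (not from any real device).
SAMPLE_BAD = """\
http server enable
http 0.0.0.0 0.0.0.0 Outside
"""
SAMPLE_BETTER = """\
aaa authentication http console LOCAL
http server enable
http 10.20.30.0 255.255.255.0 mgmt
"""

# ASA syntax: http <ip_address> <subnet_mask> <interface_name>
HTTP_RULE = re.compile(r"^http\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")

def audit_asa_http(config, max_hosts=1024):
    """Return a list of findings about web management (ASDM/HTTPS) exposure."""
    lines = [ln.strip() for ln in config.splitlines()]
    if not any(re.match(r"^http server enable(\s+\d+)?$", ln) for ln in lines):
        return []  # web management interface is off; nothing to report
    findings = []
    if not any(ln.startswith("aaa authentication http console") for ln in lines):
        findings.append("http server enabled without 'aaa authentication http console'")
    for ln in lines:
        m = HTTP_RULE.match(ln)
        if not m:
            continue
        addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable http rule: {ln}")
            continue
        if net.prefixlen == 0:
            findings.append(f"any source may reach web management on '{ifname}'")
        elif net.num_addresses > max_hosts:  # threshold is an arbitrary assumption
            findings.append(f"broad source {net} allowed on '{ifname}'")
    return findings

if __name__ == "__main__":
    for name, cfg in (("bad", SAMPLE_BAD), ("better", SAMPLE_BETTER)):
        print(name, audit_asa_http(cfg))
```
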
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: Dieselboy on December 20, 2018, 09:04:39 PM
Quote from: ristau5741 on December 20, 2018, 09:01:02 AM
secure your devices

http server enable
http 0.0.0.0 0.0.0.0 Outside

This is BAD!

Indeed. And once I saw a customer somehow disable AAA on the ASDM, so when you loaded ASDM, put in the IP and clicked connect, it just loaded up as priv 15 without any username or password (via the internet). :'(
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: Otanx on December 21, 2018, 05:53:36 PM
Quote from: Dieselboy on December 20, 2018, 09:04:39 PM
Quote from: ristau5741 on December 20, 2018, 09:01:02 AM
secure your devices

http server enable
http 0.0.0.0 0.0.0.0 Outside

This is BAD!

Indeed. And once I saw a customer somehow disable AAA on the ASDM, so when you loaded ASDM, put in the IP and clicked connect, it just loaded up as priv 15 without any username or password (via the internet). :'(

Luckily for them no attacker could figure out the right version of Java needed to actually use ASDM.

-Otanx
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: Nerm on December 21, 2018, 09:44:05 PM
Quote from: Otanx on December 21, 2018, 05:53:36 PM
Quote from: Dieselboy on December 20, 2018, 09:04:39 PM
Quote from: ristau5741 on December 20, 2018, 09:01:02 AM
secure your devices

http server enable
http 0.0.0.0 0.0.0.0 Outside

This is BAD!

Indeed. And once I saw a customer somehow disable AAA on the ASDM, so when you loaded ASDM, put in the IP and clicked connect, it just loaded up as priv 15 without any username or password (via the internet). :'(

Luckily for them no attacker could figure out the right version of Java needed to actually use ASDM.

-Otanx


:haha3:
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: Dieselboy on December 23, 2018, 09:10:52 AM
Betting it's a true story 😁
Title: Re: Fix Your ASAs - HTTP Escalation Vuln.
Post by: deanwebb on December 25, 2018, 09:05:21 AM
Quote from: Otanx on December 21, 2018, 05:53:36 PM
Luckily for them no attacker could figure out the right version of Java needed to actually use ASDM.

-Otanx

:haha2:

Ladies and gentlemen, here is the post of the year.