[BreachExchange] Bugs in Cisco BPA and WSA can allow remote cyberattacks

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Jul 12 12:33:01 EDT 2021


https://techstory.in/bugs-in-cisco-bpa-and-wsa-can-allow-remote-cyberattacks/

According to a report by Threatpost, Cisco’s Web Security Appliance (WSA),
which acts as a shield and automatically blocks high-risk sites, and its
Business Process Automation (BPA) application are affected by a set of
high-severity privilege-escalation vulnerabilities. These weaknesses could
allow authenticated remote attackers to access sensitive data or hijack
systems through Cisco BPA and WSA.

What Vulnerabilities?

The Cisco Business Process Automation (BPA) application, a tool used by
organizations to align and speed up their IT processes, is affected by two
major vulnerabilities, CVE-2021-1574 and CVE-2021-1576. Each of these flaws
is rated 8.8 out of 10 on the CVSS vulnerability-severity scale and can
allow authenticated remote attackers to elevate their privileges to the
administrator level. This means that attackers would gain access to data
that is normally accessible only to administrators. According to an advisory
released by Cisco on Thursday, these vulnerabilities arise from “improper
authorization enforcement” for a few features, as well as for access to log
files containing sensitive information. Attackers who exploit these flaws
can, rather easily, “perform unauthorized actions” by posing as admins, or
extract sensitive data and use it.

The former of the two vulnerabilities allows authenticated attackers (those
who have valid login credentials) to carry out unauthorized tasks. The
latter allows authenticated attackers to access the logging subsystem and
extract data. This is possible only while a legitimate user has an active
session on the system.

A third flaw has also been identified, and it affects Cisco’s WSA. With a
score of 6.3 out of 10 on the CVSS scale, the CVE-2021-1359 vulnerability
is located in the configuration management of WSA’s AsyncOS operating
system. Attackers can use this vulnerability to elevate privileges to root
and perform command injection.

The cause of this flaw is said to be “insufficient validation” of the XML
input supplied by users. Vulnerable devices may be attacked by sending them
crafted XML configuration files. Such attacks can eventually lead to
execution of arbitrary commands.

Trouble Strikes Again

This new set of vulnerabilities in Cisco BPA and WSA comes after the firm
fixed multiple high-severity flaws in its Small Business 220 Series Smart
Switches line just last month.