According to a report by Threatpost, Cisco’s Web Security Appliance (WSA), which acts as a shield and automatically blocks high-risk sites, and its Business Process Automation application have been found to contain a set of high-severity privilege-escalation vulnerabilities. These weaknesses could allow authenticated, remote attackers to access sensitive data or hijack systems through Cisco BPA and WSA.
The Cisco Business Process Automation (BPA) application, a tool used by organizations to align and speed up their IT processes, is affected by two major vulnerabilities, CVE-2021-1574 and CVE-2021-1576. Each of these flaws is rated 8.8 out of 10 on the CVSS vulnerability-severity scale, and can allow authenticated, remote attackers to elevate their privileges up to the administrator level. This means that the attackers gain access to data that is normally accessible only to administrators. According to an advisory released by Cisco on Thursday, these vulnerabilities arise from “improper authorization enforcement” for a few features, as well as for access to the log files containing sensitive information. Attackers who exploit these flaws can, rather easily, “perform unauthorized actions” by posing as admins, or extract sensitive data and put it to use.
The former of the two vulnerabilities allows authenticated attackers (those who have valid login credentials) to carry out unauthorized tasks. The latter allows authenticated attackers to get into the logging subsystem and extract data. This is possible only while a legitimate user has an active session on the system.
A third flaw has also been identified, and it affects Cisco’s WSA. With a score of 6.3 out of 10 on the CVSS scale, the CVE-2021-1359 vulnerability is located in the configuration management of WSA’s AsyncOS operating system. Attackers can use this vulnerability to elevate privileges to root and perform command injection.
The cause of this flaw is said to be “insufficient validation” of the XML input supplied by users. Vulnerable devices may be attacked by sending them crafted XML configuration files, which can eventually lead to the execution of arbitrary commands.
Trouble Strikes Again
This new set of vulnerabilities in Cisco BPA and WSA comes after the firm rectified multiple high-severity flaws in its Small Business 220 Series Smart Switches line just last month.