Privilege Escalation Vulnerability in Cisco WAAS Disk Check Tool
CVE-2018-0352

6.7MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Wide Area Application Services Unknown
Vendor
CVE Published:
7 June 2018

What is CVE-2018-0352?

A security vulnerability exists in the Disk Check Tool (disk-check.sh) of Cisco's Wide Area Application Services (WAAS) Software. It allows an authenticated, local attacker with super user privileges to replace legitimate script files with malicious code, potentially leading to root-level access and complete control of the device. The vulnerability arises from insufficient validation of executed script files, making it critical for users to safeguard against unauthorized access to mitigate exploitation risks.

Affected Version(s)

Cisco Wide Area Application Services unknown Cisco Wide Area Application Services unknown

References

http://www.securityfocus.com/bid/104464
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041077
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.