0day.today - Biggest Exploit Database in the World.
Cisco Ironport Appliances Privilege Escalation Exploit
[ 0Day-ID-23183 ]
Security Risk Critical
Description
Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation.
Enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, thereby bypassing all existing "admin" account limitations.
The vulnerability is due to a weak algorithm in the password generation process that Cisco uses to remotely access the appliance to provide technical support.
Vendor Response:
As anticipated, this is not considered a vulnerability but a security hardening issue. As such we did not assign a CVE; however, I made sure that this is fixed on SMA, ESA and WSA. The fix included several changes such as better protecting the algorithm in the binary, changing the algorithm itself to be more robust and enforcing password complexity when the administrator sets the pass-phrase and enables the account.
[SD] Note: Administrative credentials are needed in order to activate the access for the support representative and to set up the pass-phrase that is used to compute the final password.
[GC] Still, the Admin user has limited permissions on the appliance, and credentials can get compromised too, even with the default password, leading to full root access.
[SD] This issue is tracked for the ESA by Cisco bug id: CSCuo96011, for the SMA by Cisco bug id: CSCuo96056, and for WSA by Cisco bug id CSCuo90528.
Usage info
After logging in to the appliance with the default password "ironport" or a user-specified one, there is an option to enable Customer Support Remote Access.
This option can be found under Help and Support -> Remote Access in the GUI, or by using the CLI console account "enablediag" and issuing the command service.
Enabling this service requires a temporary user password, which should be provided along with the appliance serial number to Cisco tech support for remotely connecting and authenticating to the appliance.
With the temporary password and the appliance serial number obtained by enabling the service account, an attacker can in turn get full root access and potentially damage the appliance, backdoor it, etc.
Affected versions
Cisco Ironport ESA - AsyncOS 8.5.5-280
Cisco Ironport WSA - AsyncOS 8.0.5-075
Cisco Ironport SMA - AsyncOS 8.3.6-0