Privilege Escalation via Crafted Certificate-Generation Arguments in Cisco AsyncOS

Privilege Escalation via Crafted Certificate-Generation Arguments in Cisco AsyncOS

CVE-2015-6298 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.

Learn more about our Cis Benchmark Audit For Cisco.