Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device.

The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala

Security Impact Rating: High

CVE: CVE-2019-1934


Couldn’t intercept some sites


Hello,

Guys,

We have generated a self-signed certificate on the ProxySG. The problem is that when I visit facebook.com while intercepting facebook.com traffic, facebook.com doesn't trust our certificate. Obviously it is an unusual and incorrect credential.

So what should I do, guys?

Have a nice day,

Thank you


About ProxySG license


Hello,

We are planning to use ProxySG S200-40. Obviously it has two appliances, master and fail-over. If we use Blue Coat WebFilter Subscription on the ProxySG S200-40, will we need two licenses for each appliance or one license for each appliance? Also, could we use a redundant ProxySG server, and how about the license?

Have a nice day.

Thank you.


Cisco RV110W, RV130W, and RV215W Routers Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network.

The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis

Security Impact Rating: Medium

CVE: CVE-2019-1899


Cisco RV110W, RV130W, and RV215W Routers Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router.

The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos

Security Impact Rating: Medium

CVE: CVE-2019-1897


ProxySG | LDAP authentication multiple domain in 1 forest


Dear All,

Can I ask if ProxySG (VM) can do LDAP authentication across multiple domains in 1 forest?

For example, customers have domain A and domain B, which are in the same forest, and there is sometimes a case where a user at branch A temporarily moves to work at branch B.

So we still want authentication and the policy to be applied by the proxy box at branch B, as at branch A.

(ProxySG Appliances of customers are located in both branches)
 
 
Please recommend a solution for this case.
 
If you would like more information please let me know.
 
Thank you so much for your help.
 
 
Best Regards,
Chakuttha R.