Cisco AsyncOS Software Administration Role Authorization Vulnerability
22 Jul. 2014
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity.
A vulnerability exists in the group processing functions of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) devices that are configured to use Microsoft Active Directory services as the authentication database. This configuration could allow an unauthenticated, remote attacker to bypass security restrictions and be assigned a role that was not explicitly assigned to the attacker.
The vulnerability is due to incorrect processing of group names retrieved from a Microsoft Active Directory server. An attacker could exploit this vulnerability if the attacker belongs to a group whose name contains a set of characters similar to the name of an authorized group. An exploit could allow the attacker to access the device or obtain a role for which the attacker was not specifically authorized on the device.
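The advisory describes the failure mode (a role granted on the strength of a similar group name) but not the exact comparison AsyncOS performs. The following added example, which is not Cisco's code, models that class of defect as a substring match on Active Directory group names (an assumption used for illustration only), places the strict whole-name comparison beside it, and includes an audit helper a defender can run over a directory's group list to spot names that would collide under loose matching. The role mapping and group names are constructed sample data.

```python
"""Loose vs. strict mapping of AD group membership to appliance roles.

Added illustration, not Cisco's implementation. The weak form treats an
authorized group name found anywhere inside a user's group name as a match;
this is an assumed model of the defect, not the published AsyncOS logic.
"""
from typing import Dict, List, Optional


def canonical(name: str) -> str:
    """Normalize an AD group name for comparison (AD names are case-insensitive)."""
    return name.strip().casefold()


# Constructed sample mapping: authorized AD group -> appliance role.
ROLE_MAP: Dict[str, str] = {
    "ESA-Admins": "Administrator",
    "ESA-Operators": "Operator",
}
_CANONICAL_ROLE_MAP: Dict[str, str] = {canonical(g): r for g, r in ROLE_MAP.items()}


def role_for_groups_loose(member_of: List[str]) -> Optional[str]:
    """Weak form: substring match on group names.

    A member of 'ESA-Admins-Guests' (or 'Old-ESA-Admins') is treated as if
    they were in 'ESA-Admins' and receives the Administrator role.
    """
    for group in member_of:
        for authorized, role in _CANONICAL_ROLE_MAP.items():
            if authorized in canonical(group):
                return role
    return None


def role_for_groups_strict(member_of: List[str]) -> Optional[str]:
    """Hardened form: the whole canonical name must equal an authorized name."""
    for group in member_of:
        role = _CANONICAL_ROLE_MAP.get(canonical(group))
        if role is not None:
            return role
    return None


def find_colliding_groups(all_groups: List[str]) -> List[str]:
    """Audit helper: directory groups that a loose comparison would accept
    as an authorized group even though their name is not an exact match."""
    collisions = []
    for group in all_groups:
        c = canonical(group)
        if c in _CANONICAL_ROLE_MAP:
            continue  # exact match, legitimately authorized
        if any(authorized in c for authorized in _CANONICAL_ROLE_MAP):
            collisions.append(group)
    return collisions


if __name__ == "__main__":
    # Constructed group list as a directory export might return it.
    directory_groups = ["ESA-Admins", "ESA-Admins-Guests", "Mail Users",
                        "Old-ESA-Operators", "ESA-Operators"]
    print("loose :", role_for_groups_loose(["ESA-Admins-Guests"]))
    print("strict:", role_for_groups_strict(["ESA-Admins-Guests"]))
    print("groups to review:", find_colliding_groups(directory_groups))
```

For a production mapping the comparison is stronger still when it is made on the group's distinguished name rather than its common name, since two groups in different organizational units can share a similar or identical common name; the strict function above is the minimum that removes the similarity problem the advisory describes.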