Vigil@nce - Cisco Ironport: privilege escalation via Service Account
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local privileged attacker can connect to the Service Account of
Cisco Ironport, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco Content SMA, Cisco ESA, IronPort
Email, IronPort Management, IronPort Web, Cisco WSA
Severity: 1/4
Creation date: 26/01/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco Ironport product offers a remote maintenance service
associated to the "service" user.
An authenticated user with "admin" privileges can enable the
"service" account. However, he can then connect via SSH to the
"service" account, and obtain a full root shell.
A local privileged attacker can therefore connect to the Service
Account of Cisco Ironport, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Ironport-privilege-escalation-via-Service-Account-16053