CVE-2018-0352

A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673.

Severity	MEDIUM
CVSS	6.7
CWE	CWE-264
KEV
Published	7 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Wide Area Application Services Software	cisco-sa-20180606-waas-priv-escalation
Cisco Wide Area Application Services Appliances	cisco-sa-20180606-waas-priv-escalation
Cisco RV Series Routers	cisco-sa-20180606-waas-priv-escalation
Cisco Nexus Dashboard	cisco-sa-20180606-waas-priv-escalation
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-20180606-waas-priv-escalation
Cisco Wide Area Application Services (WAAS)	cisco-sa-20180606-waas-priv-escalation