Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability
Per Cisco's June 17 advisory, a flaw in the vmadmin CLI of the Umbrella Virtual Appliance could allow an authenticated local attacker to escalate privileges to root by issuing certain commands.
At a glance
- A vmadmin CLI flaw in Cisco Umbrella Virtual Appliance allows an authenticated local attacker to elevate privileges to root.
- Cisco released software updates and says there are no workarounds.
VERDICT — CONFIRMED
Cisco disclosed on June 17 a privilege escalation vulnerability in the vmadmin CLI of its Umbrella Virtual Appliance, per a Cisco PSIRT security advisory.
The flaw could allow an authenticated local attacker to escalate privileges to root by issuing certain commands, per the advisory, which cites insufficient validation of user-supplied commands as the cause. Exploitation requires existing vmadmin privileges, limiting the flaw to attackers who already hold authenticated local access.
Cisco has released software updates addressing the vulnerability and says no workarounds are available, per the advisory, making the update the only remediation path. The CVE identifier, CVSS score and exploitation status were not included in the available summary and reside in the full advisory on Cisco's security center; affected customers' next step, per Cisco, is applying the released software updates.
Key facts on file
- A vmadmin CLI flaw in Cisco Umbrella Virtual Appliance allows an authenticated local attacker to elevate privileges to root.
- Cisco released software updates and says there are no workarounds.