Cisco has announced patches for a high-severity escalation of privilege vulnerability in AsyncOS for Cisco Secure Web Appliance.
Formerly known as Web Security Appliance (WSA), Cisco’s Secure Web Appliance is an enterprise protection solution meant to block dangerous websites and offer visibility and control over applications. The recently patched bug, identified as CVE-2022-20871, can be exploited remotely to inject commands and escalate privileges to root, however authentication is required for successful exploitation.
According to Cisco, the security flaw exists because web interface user input is not adequately vetted. The tech giant also adds that an attacker must possess at least read-only credentials to exploit the vulnerability.
For more such updates follow us on Google News ITsecuritywire News