What is CVE-2021-1359?

CVE-2021-1359 is a vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) that allows an authenticated, remote attacker to perform command injection and elevate privileges to root.

What is the severity of CVE-2021-1359?

CVE-2021-1359 has a severity rating of 8.8 (critical).

Which software versions are affected by CVE-2021-1359?

Cisco Web Security Appliance versions 11.8.0-429 and 11.8.0-453, as well as Cisco AsyncOS versions 11.8.0 to 12.0.3-005 and 12.5.0 to 12.5.2, are affected by CVE-2021-1359.

How can an attacker exploit CVE-2021-1359?

An attacker can exploit CVE-2021-1359 by supplying malicious XML input to the affected Cisco Web Security Appliance, allowing them to perform command injection and gain root privileges.

Is there a fix or patch available for CVE-2021-1359?

Yes, Cisco has released a security advisory and patches to address the vulnerability. Please refer to the reference link for more information.

Vulnerability/
CVE-2021-1359

critical

CWE

112 77

8/7/2021

26/10/2021

CVE-2021-1359: Command Injection

First published: Thu Jul 08 2021(Updated: )

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the web interface. An attacker could exploit this vulnerability by uploading crafted XML configuration files that contain scripting code to a vulnerable device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. An attacker would need a valid user account with the rights to upload configuration files to exploit this vulnerability.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Web Security Appliance	=11.8.0-429
Cisco Web Security Appliance	=11.8.0-453
Cisco AsyncOS	>=11.8.0<12.0.3-005
Cisco AsyncOS	>=12.5.0<12.5.2

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ

Frequently Asked Questions

What is CVE-2021-1359?
CVE-2021-1359 is a vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) that allows an authenticated, remote attacker to perform command injection and elevate privileges to root.
What is the severity of CVE-2021-1359?
CVE-2021-1359 has a severity rating of 8.8 (critical).
Which software versions are affected by CVE-2021-1359?
Cisco Web Security Appliance versions 11.8.0-429 and 11.8.0-453, as well as Cisco AsyncOS versions 11.8.0 to 12.0.3-005 and 12.5.0 to 12.5.2, are affected by CVE-2021-1359.
How can an attacker exploit CVE-2021-1359?
An attacker can exploit CVE-2021-1359 by supplying malicious XML input to the affected Cisco Web Security Appliance, allowing them to perform command injection and gain root privileges.
Is there a fix or patch available for CVE-2021-1359?
Yes, Cisco has released a security advisory and patches to address the vulnerability. Please refer to the reference link for more information.

collector/nvd-index
agent/references
agent/event
agent/weakness
agent/severity
agent/author
agent/description
agent/tags
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/cisco
canonical/cisco web security appliance
version/cisco web security appliance/11.8.0-429
version/cisco web security appliance/11.8.0-453
canonical/cisco asyncos
version/cisco asyncos/11.8.0
version/cisco asyncos/12.5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.