
Jakub Bros

Researcher from Cisco
#38186 of 53,633
7.2 Total CVSS
Vulnerabilities · 1
PT-2021-2989
7.2
2021-05-05
Cisco · Cisco Asyncos · CVE-2021-1447
**Name of the Vulnerable Software and Affected Versions**

Cisco AsyncOS for Cisco Content Security Management Appliance (affected versions not specified)

**Description**

The issue is due to a procedural flaw in the password generation algorithm, allowing an authenticated, local attacker to elevate their privileges to root. An attacker could exploit this by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges, potentially executing arbitrary commands as root and accessing the underlying operating system. The attacker must have valid Administrator credentials to exploit this issue.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.