PT-2018-2352 · Cisco · Cisco Wide Area Application Services

Published: 2018-06-06 · Updated: 2019-10-09 · CVE-2018-0352

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Wide Area Application Services Software (affected versions not specified)

Description

The issue is related to errors in script file validation in the disk-check.sh and harcap.sh scripts of the Cisco Wide Area Application Services Software. This could allow an authenticated, local attacker with valid user credentials and super user privileges to elevate their privilege level to root and gain full control of the device. The vulnerability is due to insufficient validation of script files executed by the Disk Check Tool. An attacker could exploit this by replacing a script file with a malicious one while the tool is running.

Recommendations

For Cisco Wide Area Application Services Software, consider restricting access to the Disk Check Tool until a fix is available. As a temporary workaround, avoid using the Disk Check Tool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2019-00535
CVE-2018-0352

Affected Products

Cisco Wide Area Application Services