CVE-2018-0095

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) (affected versions not specified)

Description: A vulnerability in the administrative shell of Cisco AsyncOS could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker must have a valid user credential with at least a privilege level of a guest user. This issue is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell, potentially gaining root access on the device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.