CVE-2019-1816

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance (WSA) (affected versions not specified)

Description A vulnerability in the log subscription subsystem could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This issue is due to insufficient validation of user-supplied input on the web and command-line interface. An attacker could exploit this by injecting scripting commands within the log subscription subsystem after authenticating to the device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.