A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.
The vulnerability exists due to insufficient validation and lack of authentication when accessing specific REST API endpoints. An attacker can exploit the vulnerability by sending a properly crafted API request to the vulnerable endpoint without possessing any credentials. Successful execution of the attack allows operation with full Site Admin user privileges, which includes access to resources of multiple tenants.
An attacker can read sensitive information and make configuration changes throughout the system, crossing tenant boundaries, with the highest administrative role privileges — Site Admin.
Apply patches available from the vendor according to references: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
Cisco Secure Workload — versions indicated in vendor references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HCisco Secure Workload
APPCisco< 3.10.8.34.0 – 4.0.3.17 (bez)
Related vulnerabilities
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the...
Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym
RCE przez insecure deserialization w Cisco Secure Firewall Management Center
Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień
RCE z uprawnieniami root w Cisco Secure Email Gateway i Secure Email and Web Manager