CVE-2021-25657 A privilege escalation vulnerability was found in Avaya IP Office Admin Lite and USB Creator. Local users may be able to escalate privileges.

Addressing the Issue As a part of this Vulnerability and Risk Assessment process, Cisco has verified that there are no known exploits that leverage this vulnerability. Cisco has released software updates that resolve this issue. There will be a period of time where the software may not be stable with the latest updates. During this time, it is critical that users remain cautious of open remote access to sensitive systems.

Vulnerability Description

The Cisco ASA is affected by the 'CVE-2021-25657' vulnerability. This vulnerability allows an unauthenticated remote attacker to gain root access to the system.

Vulnerability Details:

CVE-2021-25657 Cisco ASA Software Authentication Bypass Vulnerability
A vulnerability in the authentication process of Cisco ASA software could allow an unauthorized user with no privileges to bypass security policies and gain root level privileges on a targeted device.

Vulnerability Overview and Risk Assessment

Timeline

Published on: 09/02/2022 01:15:00 UTC
Last modified on: 09/07/2022 19:48:00 UTC

References

• https://support.avaya.com/css/P8/documents/101083319
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25657