Summary

• A vulnerability in the status-checking process of remote access tunnels for supporting Cisco Web Security Appliances (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on the affected system.
  
  The vulnerability is due to improper usage and handling of the pickle Python module by the affected software. An attacker could exploit this vulnerability by submitting a crafted pickle file to an affected device. A successful exploit could be used to conduct further attacks.
  
  Cisco has confirmed the vulnerability; however, no software updates are available.
  
  To exploit the vulnerability, the attacker must log in locally to the vulnerable device. The access requirement reduces the potential for exploitation.

Affected Products

• Cisco has released bug ID CSCut39259 for registered users that contains additional details and an up-to-date list of affected product versions.

  Vulnerable Products

  At the time this alert was first published, Cisco WSA software version 8.5.0-ise-147 was vulnerable. Other versions of Cisco WSA software may also be affected.

  Products Confirmed Not Vulnerable

  No other Cisco products are currently known to be affected by these vulnerabilities.

Workarounds

• Administrators are advised to apply the appropriate updates as they become available.
  
  Administrators are advised to allow only trusted users to access local systems.
  
  Administrators are advised to monitor affected systems.

Fixed Software

• Software updates are not available.

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

URL

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150413-CVE-2015-0693

Revision History

• Version	Description	Section	Status	Date
  1.0	Initial Release	NA	Final	2015-Apr-13

  Show Less