Full title: Cisco Ironport Appliances Privilege Escalation Exploit
Category: remote exploits
Platform: hardware

Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. Enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, thereby bypassing all existing "admin" account limitations. The vulnerability is due to a weak algorithm implementation in the password generation process, which is used by Cisco to remotely access the appliance to provide technical support.

Vendor Response:

As anticipated, this is not considered a vulnerability but a security hardening issue. As such we did not assign a CVE; however, I made sure that this is fixed on SMA, ESA and WSA. The fix included several changes, such as better protecting the algorithm in the binary, changing the algorithm itself to be more robust, and enforcing password complexity when the administrator sets the pass-phrase and enables the account.

[SD] Note: Administrative credentials are needed in order to activate access for the support representative and to set up the pass-phrase that is used to compute the final password.

[GC] Still, the Admin user has limited permissions on the appliance, and credentials can get compromised too, even with the default password, leading to full root access.

[SD] This issue is tracked for the ESA by Cisco bug id: CSCuo96011, for the SMA by Cisco bug id: CSCuo96056, and for WSA by Cisco bug id CSCuo90528.