Cisco Cybersecurity Alert:
NOTE: This vulnerability affects Cisco ASA Software that is running on any Cisco product that has web management access enabled.
On December 19th, Cisco identified a vulnerability in the authorization subsystem of ASA Software on Cisco products. This vulnerability would allow an authenticated, but unprivileged, remote attacker to perform privileged actions by using the web management interface, if enabled. The result of an attack could be the unauthorized retrieval of files from the affected device. Cisco has released software to address the vulnerability. An effective workaround is enabling command authorization in Cisco ASA.
For additional information, please visit: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc