Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2017-6746

Published: 25/07/2017 Updated: 08/08/2017
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Cisco

Vulnerability Summary

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote malicious user to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco web security appliance 11.0.0

cisco web security appliance 10.5.0-358

cisco web security appliance 10.1.0-204

cisco web security appliance 10.1.1-234

cisco web security appliance 10.0_base

cisco web security appliance 10.1.0

cisco web security appliance 11.0.0-641

cisco web security appliance 10.5.0

cisco web security appliance 10.0.0-233

cisco web security appliance 11.0.0-613

cisco web security appliance 10.1.1-230

Vendor Advisories

Cisco: Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root The attacker must authenticate with valid administrator credentials The vulnerability is due to insufficient validation of user-supplied input on the web interfac ...

References

CWE-20https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1http://www.securitytracker.com/id/1038948http://www.securityfocus.com/bid/99877https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook