PT-2015-4815 · Cisco+1 · Cisco Web Security Appliance+1
Publicado
2015-04-15
·
Atualizado
2017-01-06
·
CVE-2015-0693
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Web Security Appliance (WSA) version 8.5.0-ise-147
Description
The issue is related to the improper restriction of the pickle Python module during tunnel-status checks, allowing local users to execute arbitrary Python code and gain privileges via a crafted pickle file.
Recommendations
For Cisco Web Security Appliance (WSA) version 8.5.0-ise-147, consider restricting access to the pickle Python module as a temporary workaround until a patch is available.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Web Security Appliance
Python