PT-2017-17287 · Cisco · Cisco Web Security Appliance

Publicado

2017-07-25

Atualizado

2017-08-08

CVE-2017-6746

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance (WSA) versions 10.0 through 10.1.0-204 Cisco Web Security Appliance (WSA) version 10.1.0-204

Description A vulnerability in the web interface of the Cisco Web Security Appliance could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials.

Recommendations For Cisco Web Security Appliance (WSA) versions 10.0 through 10.1.0-204, update to version 10.5.1-270 or 10.1.1-235 to resolve the issue. For Cisco Web Security Appliance (WSA) version 10.1.0-204, update to version 10.5.1-270 or 10.1.1-235 to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-6746

Produtos afetados

Cisco Web Security Appliance

PT-2017-17287 · Cisco · Cisco Web Security Appliance

CVE-2017-6746

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5