Maor Shwartz

Researcher from Beyond Security
#23111 of 53,632
10 Total CVSS
Vulnerabilities · 1
PT-2017-3498 · CVSS 10 · 2017-12-26
Trustwave · Trustwave Secure Web Gateway · CVE-2017-18001
**Name of the Vulnerable Software and Affected Versions**

Trustwave Secure Web Gateway (SWG) versions prior to 11.8.0.28

**Description**

The issue is related to errors in cryptographic key management. It allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access. This can be achieved via the `publicKey` parameter to the `/sendKey` URI.

**Recommendations**

For Trustwave Secure Web Gateway (SWG) versions prior to 11.8.0.28, update to version 11.8.0.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/sendKey` URI to minimize the risk of exploitation. Avoid using the `publicKey` parameter in the affected HTTP POST request until the issue is resolved.