PT-2017-17287 · Cisco · Cisco Web Security Appliance

Published 2017-07-25 · Updated 2017-08-08 · CVE-2017-6746

CVSS v2.0

9.0 High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Web Security Appliance (WSA) versions 10.0 through 10.1.0-204
Cisco Web Security Appliance (WSA) version 10.1.0-204

Description

A vulnerability in the web interface of the Cisco Web Security Appliance could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials.

Recommendations

For Cisco Web Security Appliance (WSA) versions 10.0 through 10.1.0-204, update to version 10.5.1-270 or 10.1.1-235 to resolve the issue.
For Cisco Web Security Appliance (WSA) version 10.1.0-204, update to version 10.5.1-270 or 10.1.1-235 to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-6746

Affected Products

Cisco Web Security Appliance