CVE-2017-6746: Input Validation
First published: Tue Jul 25 2017(Updated: )
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Web Security Appliance | =10.0.0-233 | |
| Cisco Web Security Appliance | =10.0_base | |
| Cisco Web Security Appliance | =10.1.0 | |
| Cisco Web Security Appliance | =10.1.0-204 | |
| Cisco Web Security Appliance | =10.1.1-230 | |
| Cisco Web Security Appliance | =10.1.1-234 | |
| Cisco Web Security Appliance | =10.5.0 | |
| Cisco Web Security Appliance | =10.5.0-358 | |
| Cisco Web Security Appliance | =11.0.0 | |
| Cisco Web Security Appliance | =11.0.0-613 | |
| Cisco Web Security Appliance | =11.0.0-641 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6746?
CVE-2017-6746 is rated as high severity due to its potential for command injection and privilege escalation.
How do I fix CVE-2017-6746?
To remediate CVE-2017-6746, update your Cisco Web Security Appliance to the latest software version provided by Cisco.
What types of Cisco Web Security Appliance versions are affected by CVE-2017-6746?
CVE-2017-6746 affects Cisco Web Security Appliance running versions 10.0.0-233, 10.0_base, 10.1.0, 10.1.0-204, 10.1.1-230, 10.1.1-234, 10.5.0, 10.5.0-358, 11.0.0, 11.0.0-613, and 11.0.0-641.
Who can exploit CVE-2017-6746?
An authenticated attacker with valid administrator credentials can exploit CVE-2017-6746.
What impact can CVE-2017-6746 have on my system?
Exploitation of CVE-2017-6746 can lead to command injection vulnerabilities and allow an attacker to achieve root privileges.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco web security appliance
- version/cisco web security appliance/10.0.0-233
- version/cisco web security appliance/10.0_base
- version/cisco web security appliance/10.1.0
- version/cisco web security appliance/10.1.0-204
- version/cisco web security appliance/10.1.1-230
- version/cisco web security appliance/10.1.1-234
- version/cisco web security appliance/10.5.0
- version/cisco web security appliance/10.5.0-358
- version/cisco web security appliance/11.0.0
- version/cisco web security appliance/11.0.0-613
- version/cisco web security appliance/11.0.0-641