CVE-2017-6748: Command Injection
First published: Tue Jul 25 2017(Updated: )
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Web Security Appliance | =10.0.0-232 | |
| Cisco Web Security Appliance | =10.0.0-233 | |
| Cisco Web Security Appliance | =10.0_base | |
| Cisco Web Security Appliance | =10.1.0 | |
| Cisco Web Security Appliance | =10.1.0-204 | |
| Cisco Web Security Appliance | =10.1.1-230 | |
| Cisco Web Security Appliance | =10.5.0 | |
| Cisco Web Security Appliance | =10.5.0-358 | |
| Cisco Web Security Appliance | =11.0.0 | |
| Cisco Web Security Appliance | =11.0.0-613 | |
| Cisco Web Security Virtual Appliance | =10.0.0 | |
| Cisco Web Security Virtual Appliance | =10.0_base | |
| Cisco Web Security Virtual Appliance | =10.1.0 | |
| Cisco Web Security Virtual Appliance | =10.1.1 | |
| Cisco Web Security Virtual Appliance | =10.1_base | |
| Cisco Web Security Virtual Appliance | =10.5.1 | |
| Cisco Web Security Virtual Appliance | =10.5_base | |
| Cisco Web Security Virtual Appliance | =11.0.0 | |
| Cisco Web Security Virtual Appliance | =11.0_base |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco web security appliance
- version/cisco web security appliance/10.0.0-232
- version/cisco web security appliance/10.0.0-233
- version/cisco web security appliance/10.0_base
- version/cisco web security appliance/10.1.0
- version/cisco web security appliance/10.1.0-204
- version/cisco web security appliance/10.1.1-230
- version/cisco web security appliance/10.5.0
- version/cisco web security appliance/10.5.0-358
- version/cisco web security appliance/11.0.0
- version/cisco web security appliance/11.0.0-613
- canonical/cisco web security virtual appliance
- version/cisco web security virtual appliance/10.0.0
- version/cisco web security virtual appliance/10.0_base
- version/cisco web security virtual appliance/10.1.0
- version/cisco web security virtual appliance/10.1.1
- version/cisco web security virtual appliance/10.1_base
- version/cisco web security virtual appliance/10.5.1
- version/cisco web security virtual appliance/10.5_base
- version/cisco web security virtual appliance/11.0.0
- version/cisco web security virtual appliance/11.0_base