CVE-2017-6751: Input Validation
First published: Tue Jul 25 2017(Updated: )
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Web Security Appliance | =9.0.0-162 | |
| Cisco Web Security Appliance | =9.0.0-193 | |
| Cisco Web Security Appliance | =9.0.0-485 | |
| Cisco Web Security Appliance | =10.0.0-232 | |
| Cisco Web Security Appliance | =10.0.0-233 | |
| Cisco Web Security Appliance | =10.1.0-204 | |
| Cisco Web Security Virtual Appliance | =9.0.0 | |
| Cisco Web Security Virtual Appliance | =10.0.0 | |
| Cisco Web Security Virtual Appliance | =10.1.0 | |
| Cisco Web Security Virtual Appliance | =10.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6751?
CVE-2017-6751 is classified as a high severity vulnerability due to its potential impact on the security of the Cisco Web Security Appliance.
How do I fix CVE-2017-6751?
The recommended fix for CVE-2017-6751 is to upgrade the Cisco Web Security Appliance software to the latest version as specified by Cisco.
Who is affected by CVE-2017-6751?
CVE-2017-6751 affects multiple versions of the Cisco Web Security Appliance and Cisco Web Security Virtual Appliance.
Can CVE-2017-6751 be exploited remotely?
Yes, CVE-2017-6751 can be exploited by an unauthenticated remote attacker.
What is the impact of CVE-2017-6751 on affected devices?
CVE-2017-6751 allows attackers to forward traffic from the web proxy interface to the administrative management interface.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco web security appliance
- version/cisco web security appliance/9.0.0-162
- version/cisco web security appliance/9.0.0-193
- version/cisco web security appliance/9.0.0-485
- version/cisco web security appliance/10.0.0-232
- version/cisco web security appliance/10.0.0-233
- version/cisco web security appliance/10.1.0-204
- canonical/cisco web security virtual appliance
- version/cisco web security virtual appliance/9.0.0
- version/cisco web security virtual appliance/10.0.0
- version/cisco web security virtual appliance/10.1.0
- version/cisco web security virtual appliance/10.1.1