9
CVE-2017-6746
- EPSS 2.51%
- Veröffentlicht 25.07.2017 19:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Web Security Appliance Version10.0.0-233
Cisco ≫ Web Security Appliance Version10.0_base
Cisco ≫ Web Security Appliance Version10.1.0
Cisco ≫ Web Security Appliance Version10.1.0-204
Cisco ≫ Web Security Appliance Version10.1.1-230
Cisco ≫ Web Security Appliance Version10.1.1-234
Cisco ≫ Web Security Appliance Version10.5.0
Cisco ≫ Web Security Appliance Version10.5.0-358
Cisco ≫ Web Security Appliance Version11.0.0
Cisco ≫ Web Security Appliance Version11.0.0-613
Cisco ≫ Web Security Appliance Version11.0.0-641
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.51% | 0.839 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.