7.5
CVE-2017-6751
- EPSS 0.47%
- Veröffentlicht 25.07.2017 19:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Web Security Appliance Version9.0.0-162
Cisco ≫ Web Security Appliance Version9.0.0-193
Cisco ≫ Web Security Appliance Version9.0.0-485
Cisco ≫ Web Security Appliance Version10.0.0-232
Cisco ≫ Web Security Appliance Version10.0.0-233
Cisco ≫ Web Security Appliance Version10.1.0-204
Cisco ≫ Web Security Virtual Appliance Version9.0.0
Cisco ≫ Web Security Virtual Appliance Version10.0.0
Cisco ≫ Web Security Virtual Appliance Version10.1.0
Cisco ≫ Web Security Virtual Appliance Version10.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.616 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.