Lucene search

CiscoCVE-2017-6748

HistoryJul 25, 2017 - 7:29 p.m.

CVE-2017-6748

2017-07-2519:29:00

CWE-74

cisco

web.nvd.nist.gov

cisco

wsa

command injection

privilege escalation

cve-2017-6748

nvd

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.

Affected configurations

Nvd

Node

ciscoweb_security_applianceMatch10.0.0-232

ciscoweb_security_applianceMatch10.0.0-233

ciscoweb_security_applianceMatch10.0_base

ciscoweb_security_applianceMatch10.1.0

ciscoweb_security_applianceMatch10.1.0-204

ciscoweb_security_applianceMatch10.1.1-230

ciscoweb_security_applianceMatch10.5.0

ciscoweb_security_applianceMatch10.5.0-358

ciscoweb_security_applianceMatch11.0.0

ciscoweb_security_applianceMatch11.0.0-613

ciscoweb_security_virtual_applianceMatch10.0.0

ciscoweb_security_virtual_applianceMatch10.0_base

ciscoweb_security_virtual_applianceMatch10.1.0

ciscoweb_security_virtual_applianceMatch10.1.1

ciscoweb_security_virtual_applianceMatch10.1_base

ciscoweb_security_virtual_applianceMatch10.5.1

ciscoweb_security_virtual_applianceMatch10.5_base

ciscoweb_security_virtual_applianceMatch11.0.0

ciscoweb_security_virtual_applianceMatch11.0_base

VendorProductVersionCPE
ciscoweb_security_appliance10.0.0-232cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*
ciscoweb_security_appliance10.0.0-233cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*
ciscoweb_security_appliance10.0_basecpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*
ciscoweb_security_appliance10.1.0cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*
ciscoweb_security_appliance10.1.0-204cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*
ciscoweb_security_appliance10.1.1-230cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*
ciscoweb_security_appliance10.5.0cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*
ciscoweb_security_appliance10.5.0-358cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*
ciscoweb_security_appliance11.0.0cpe:2.3:a:cisco:web_security_appliance:11.0.0:*:*:*:*:*:*:*
ciscoweb_security_appliance11.0.0-613cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	web_security_appliance	10.0.0-232	cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:::::::*
cisco	web_security_appliance	10.0.0-233	cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:::::::*
cisco	web_security_appliance	10.0_base	cpe:2.3:a:cisco:web_security_appliance:10.0_base:::::::*
cisco	web_security_appliance	10.1.0	cpe:2.3:a:cisco:web_security_appliance:10.1.0:::::::*
cisco	web_security_appliance	10.1.0-204	cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:::::::*
cisco	web_security_appliance	10.1.1-230	cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:::::::*
cisco	web_security_appliance	10.5.0	cpe:2.3:a:cisco:web_security_appliance:10.5.0:::::::*
cisco	web_security_appliance	10.5.0-358	cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:::::::*
cisco	web_security_appliance	11.0.0	cpe:2.3:a:cisco:web_security_appliance:11.0.0:::::::*
cisco	web_security_appliance	11.0.0-613	cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "Cisco Web Security Appliance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Web Security Appliance"
      }
    ]
  }
]

References

www.securityfocus.com/bid/99918

www.securitytracker.com/id/1038956

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-6748