CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2017-6748
https://notcve.org/view.php?id=CVE-2017-6748
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. • http://www.securityfocus.com/bid/99918 http://www.securitytracker.com/id/1038956 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-6751
https://notcve.org/view.php?id=CVE-2017-6751
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. Una vulnerabilidad en la funcionalidad proxy web de Cisco Web Security Appearance (WSA) podría permitir que un atacante remoto no autenticado redirija tráfico de la interfaz proxy web de un dispositivo afectado a una interfaz de administración de un dispositivo afectado. • http://www.securityfocus.com/bid/99967 http://www.securitytracker.com/id/1038959 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5 • CWE-20: Improper Input Validation •