CVE-2017-6746
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.
Una vulnerabilidad en la interfaz web de Web Security Appliance (WSA) de Cisco, podría permitir a un atacante remoto autenticado realizar la inyección de comandos y elevar los privilegios a root. El atacante necesita autenticarse con credenciales de administrador válidas. Productos afectados: Cisco AsyncOS Software versión 10.0 y posterior para WSA tanto en dispositivos virtuales como de hardware. Más información: CSCvd88862. Versiones afectadas conocidas: 10.1.0-204. Versiones fijas conocidas: 10.5.1-270 10.1.1-235.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2017-07-25 CVE Published
- 2023-09-20 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/99877 | Third Party Advisory | |
http://www.securitytracker.com/id/1038948 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1 | 2017-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.0.0-233 Search vendor "Cisco" for product "Web Security Appliance" and version "10.0.0-233" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.0_base Search vendor "Cisco" for product "Web Security Appliance" and version "10.0_base" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.1.0 Search vendor "Cisco" for product "Web Security Appliance" and version "10.1.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.1.0-204 Search vendor "Cisco" for product "Web Security Appliance" and version "10.1.0-204" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.1.1-230 Search vendor "Cisco" for product "Web Security Appliance" and version "10.1.1-230" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.1.1-234 Search vendor "Cisco" for product "Web Security Appliance" and version "10.1.1-234" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.5.0 Search vendor "Cisco" for product "Web Security Appliance" and version "10.5.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 10.5.0-358 Search vendor "Cisco" for product "Web Security Appliance" and version "10.5.0-358" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 11.0.0 Search vendor "Cisco" for product "Web Security Appliance" and version "11.0.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 11.0.0-613 Search vendor "Cisco" for product "Web Security Appliance" and version "11.0.0-613" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | 11.0.0-641 Search vendor "Cisco" for product "Web Security Appliance" and version "11.0.0-641" | - |
Affected
|