CVE-2017-6746 - OpenCVE

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Web Security Appliance

Configuration 1 [-]

OR	cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.0_base:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.0:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.0:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:::::::*
	cpe:2.3:a:cisco:web_security_appliance:11.0.0:::::::*
	cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:::::::*
	cpe:2.3:a:cisco:web_security_appliance:11.0.0-641:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/99877
http://www.securitytracker.com/id/1038948
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-07-25T19:00:00

Updated: 2024-08-05T15:41:17.024Z

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6746

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-07-25T19:29:00.240

Modified: 2017-08-08T16:40:16.760

Link: CVE-2017-6746

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object