CVE-2015-0693

Published: Apr 15, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.

Affected (1)

Products: Cisco: Web Security Appliance

1 product

Web Security Appliance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Web Security Appliance	Version 8.5_base

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://tools.cisco.com/security/center/viewAlert.x?alertId=38306

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1032097

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=38306

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1032097

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.