← Back

CVE-2017-6746

nvd nist
Published: Jul 25, 2017Modified: May 13, 2026

JSON object

Loading...
7.2
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.

Affected (11)

Cisco
1 product
Web Security Appliance
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Web Security Appliance
Version 10.0.0-233
Web Security Appliance
Version 10.0_base
Web Security Appliance
Version 10.1.0-204
Web Security Appliance
Version 10.1.0
Web Security Appliance
Version 10.1.1-230
Web Security Appliance
Version 10.1.1-234
Web Security Appliance
Version 10.5.0-358
Web Security Appliance
Version 10.5.0
Web Security Appliance
Version 11.0.0-613
Web Security Appliance
Version 11.0.0-641
Web Security Appliance
Version 11.0.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.