← Back

CVE-2017-6748

nvd nist
Published: Jul 25, 2017Modified: May 13, 2026

JSON object

Loading...
6.7
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.

Affected (19)

Cisco
2 products
Web Security Appliance
Web Security Virtual Appliance
Configuration A
19 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Web Security Appliance
Version 10.0.0-232
Web Security Appliance
Version 10.0.0-233
Web Security Appliance
Version 10.0_base
Web Security Appliance
Version 10.1.0-204
Web Security Appliance
Version 10.1.0
Web Security Appliance
Version 10.1.1-230
Web Security Appliance
Version 10.5.0-358
Web Security Appliance
Version 10.5.0
Web Security Appliance
Version 11.0.0-613
Web Security Appliance
Version 11.0.0
Cisco
Web Security Virtual Appliance
Version 10.0.0
Web Security Virtual Appliance
Version 10.0_base
Web Security Virtual Appliance
Version 10.1.0
Web Security Virtual Appliance
Version 10.1.1
Web Security Virtual Appliance
Version 10.1_base
Web Security Virtual Appliance
Version 10.5.1
Web Security Virtual Appliance
Version 10.5_base
Web Security Virtual Appliance
Version 11.0.0
Web Security Virtual Appliance
Version 11.0_base

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.