Vulnerability Description
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Web Security Appliance | 10.0.0-232 |
| Cisco | Web Security Virtual Appliance | 10.0.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99918Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038956Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/99918Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038956Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-6748?
CVE-2017-6748 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must ...
How severe is CVE-2017-6748?
CVE-2017-6748 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6748?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Web Security Appliance, Cisco Web Security Virtual Appliance.