cvelistv5 - cve-2017-6748

cve-2017-6748

Vulnerability from cvelistv5

Published

2017-07-25 19:00

Modified

2024-08-05 15:41

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99918	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1038956	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99918	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038956	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Cisco Web Security Appliance

Version: Cisco Web Security Appliance

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038956",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
          },
          {
            "name": "99918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99918"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Web Security Appliance",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Web Security Appliance"
            }
          ]
        }
      ],
      "datePublic": "2017-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command Injection and Privilege Escalation Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038956",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
        },
        {
          "name": "99918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99918"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6748",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Web Security Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Web Security Appliance"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Injection and Privilege Escalation Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038956",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038956"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
            },
            {
              "name": "99918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99918"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6748",
    "datePublished": "2017-07-25T19:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C84C8F0-4722-4385-B3CD-86E05F3D72BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79B251F2-C0EF-41A5-9318-CAB6FF8D7D5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6845F048-06E0-4F5D-A2BD-A8D856530D15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC71F9F5-B0BA-4415-A4C8-9D0B15732A54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F89E6946-5451-4A35-BD48-BA260B7928F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F68D77CC-8FA7-436C-9799-EB691D145C3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96C185A6-D4DE-4EA0-952D-714CCCAF2B00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:11.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E9EA61C-3D1D-463A-802A-0073183CE39C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F8BB0F9-F14B-4EA5-B24E-FED0B8C1B264\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69528D17-2EA4-4CF5-B2D4-26B185C66ED8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F260BF88-C6C4-41B7-BDE7-EC1CF4EFB74F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BED59A8D-41E6-448E-AEEF-91400742CC0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFF6B908-B1A0-48FC-A481-CA2AF9738BE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F432D2A9-AF00-4578-B1DC-171876CE1C39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD97A391-7E07-46EC-85D6-C17D1EB753A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"679B5A90-ED85-4086-916B-664FF2DD9EB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:11.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5FAE893-BD18-481B-A65D-D2F235571836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:11.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"599D1619-F27A-4205-972C-3B4B9578C2E2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el analizador de la CLI de Web Security Appliance (WSA) de Cisco, podr\\u00eda permitir a un atacante local autenticado realizar la inyecci\\u00f3n de comandos y elevar los privilegios a root. El atacante necesita autenticarse con credenciales v\\u00e1lidas de nivel de operador o de administrador. Productos afectados: versiones virtuales y de hardware de Web Security Appliance (WSA) de Cisco. M\\u00e1s informaci\\u00f3n: CSCvd88855. Versiones afectadas conocidas: 10.1.0-204. Versiones fijas conocidas: 10.5.1-270 10.1.1-234.\"}]",
      "id": "CVE-2017-6748",
      "lastModified": "2024-11-21T03:30:26.477",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-25T19:29:00.270",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99918\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038956\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99918\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038956\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6748\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2017-07-25T19:29:00.270\",\"lastModified\":\"2024-11-21T03:30:26.477\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el analizador de la CLI de Web Security Appliance (WSA) de Cisco, podr\u00eda permitir a un atacante local autenticado realizar la inyecci\u00f3n de comandos y elevar los privilegios a root. El atacante necesita autenticarse con credenciales v\u00e1lidas de nivel de operador o de administrador. Productos afectados: versiones virtuales y de hardware de Web Security Appliance (WSA) de Cisco. M\u00e1s informaci\u00f3n: CSCvd88855. Versiones afectadas conocidas: 10.1.0-204. Versiones fijas conocidas: 10.5.1-270 10.1.1-234.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C84C8F0-4722-4385-B3CD-86E05F3D72BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79B251F2-C0EF-41A5-9318-CAB6FF8D7D5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6845F048-06E0-4F5D-A2BD-A8D856530D15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC71F9F5-B0BA-4415-A4C8-9D0B15732A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F89E6946-5451-4A35-BD48-BA260B7928F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F68D77CC-8FA7-436C-9799-EB691D145C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96C185A6-D4DE-4EA0-952D-714CCCAF2B00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E9EA61C-3D1D-463A-802A-0073183CE39C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8BB0F9-F14B-4EA5-B24E-FED0B8C1B264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69528D17-2EA4-4CF5-B2D4-26B185C66ED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F260BF88-C6C4-41B7-BDE7-EC1CF4EFB74F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED59A8D-41E6-448E-AEEF-91400742CC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF6B908-B1A0-48FC-A481-CA2AF9738BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F432D2A9-AF00-4578-B1DC-171876CE1C39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD97A391-7E07-46EC-85D6-C17D1EB753A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"679B5A90-ED85-4086-916B-664FF2DD9EB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5FAE893-BD18-481B-A65D-D2F235571836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:11.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"599D1619-F27A-4205-972C-3B4B9578C2E2\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99918\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038956\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2017-6748

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6748

Aliases

CVE-2017-6748

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6748",
    "description": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.",
    "id": "GSD-2017-6748"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6748"
      ],
      "details": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.",
      "id": "GSD-2017-6748",
      "modified": "2023-12-13T01:21:10.055799Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6748",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Web Security Appliance",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Web Security Appliance"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Command Injection and Privilege Escalation Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038956",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038956"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
          },
          {
            "name": "99918",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99918"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:11.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6748"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
            },
            {
              "name": "1038956",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038956"
            },
            {
              "name": "99918",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99918"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-07-25T19:29Z"
    }
  }
}

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234. Vendors have confirmed this vulnerability Bug ID CSCvd88855 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges. This issue is being tracked by Cisco bug ID CSCvd88855. CLI parser is one of the command line command parsers

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0952",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.0"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0.0"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0.0-232"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0_base"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.1-230"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0.0"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0.0"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0_base"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "10.1.0-204"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.1.1"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.1_base"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.0_base"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.0.0-613"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.0.0-233"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5_base"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5.0-358"
      },
      {
        "model": "web security the appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security virtual appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5.1-270"
      },
      {
        "model": "web security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.1-234"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:11.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Jensen of Security-Assessment.com.",
    "sources": [
      {
        "db": "BID",
        "id": "99918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6748",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-6748",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-114951",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6748",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6748",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-1179",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114951",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234. Vendors have confirmed this vulnerability Bug ID CSCvd88855 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges. \nThis issue is being tracked by Cisco bug ID CSCvd88855. CLI parser is one of the command line command parsers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "BID",
        "id": "99918"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114951"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6748",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "99918",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038956",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114951",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114951"
      },
      {
        "db": "BID",
        "id": "99918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "id": "VAR-201707-0952",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114951"
      }
    ],
    "trust": 0.54624132
  },
  "last_update_date": "2023-12-18T14:05:44.734000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170719-wsa2",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa2"
      },
      {
        "title": "Cisco Web Security Appliance CLI Remediation measures for resolver security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=72024"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa2"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99918"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038956"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6748"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6748"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114951"
      },
      {
        "db": "BID",
        "id": "99918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114951"
      },
      {
        "db": "BID",
        "id": "99918"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114951"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99918"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "date": "2017-07-25T19:29:00.270000",
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "date": "2017-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114951"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99918"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-6748"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "99918"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Web Security Appliance Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006464"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1179"
      }
    ],
    "trust": 0.6
  }
}

ghsa-r5r7-8mwx-vxq9

Vulnerability from github

Published

2022-05-13 01:46

Modified

2022-05-13 01:46

Severity ?

6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-25T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.",
  "id": "GHSA-r5r7-8mwx-vxq9",
  "modified": "2022-05-13T01:46:45Z",
  "published": "2022-05-13T01:46:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6748"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99918"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038956"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2017-6748

Vulnerability from fkie_nvd

Published

2017-07-25 19:29

Modified

2024-11-21 03:30

Severity ?

6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99918	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1038956	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99918	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038956	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	web_security_appliance	10.0.0-232
cisco	web_security_appliance	10.0.0-233
cisco	web_security_appliance	10.0_base
cisco	web_security_appliance	10.1.0
cisco	web_security_appliance	10.1.0-204
cisco	web_security_appliance	10.1.1-230
cisco	web_security_appliance	10.5.0
cisco	web_security_appliance	10.5.0-358
cisco	web_security_appliance	11.0.0
cisco	web_security_appliance	11.0.0-613
cisco	web_security_virtual_appliance	10.0.0
cisco	web_security_virtual_appliance	10.0_base
cisco	web_security_virtual_appliance	10.1.0
cisco	web_security_virtual_appliance	10.1.1
cisco	web_security_virtual_appliance	10.1_base
cisco	web_security_virtual_appliance	10.5.1
cisco	web_security_virtual_appliance	10.5_base
cisco	web_security_virtual_appliance	11.0.0
cisco	web_security_virtual_appliance	11.0_base

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C84C8F0-4722-4385-B3CD-86E05F3D72BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "79B251F2-C0EF-41A5-9318-CAB6FF8D7D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6845F048-06E0-4F5D-A2BD-A8D856530D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC71F9F5-B0BA-4415-A4C8-9D0B15732A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89E6946-5451-4A35-BD48-BA260B7928F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F68D77CC-8FA7-436C-9799-EB691D145C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C185A6-D4DE-4EA0-952D-714CCCAF2B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E9EA61C-3D1D-463A-802A-0073183CE39C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:11.0.0-613:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F8BB0F9-F14B-4EA5-B24E-FED0B8C1B264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69528D17-2EA4-4CF5-B2D4-26B185C66ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "F260BF88-C6C4-41B7-BDE7-EC1CF4EFB74F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BED59A8D-41E6-448E-AEEF-91400742CC0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF6B908-B1A0-48FC-A481-CA2AF9738BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "F432D2A9-AF00-4578-B1DC-171876CE1C39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD97A391-7E07-46EC-85D6-C17D1EB753A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "679B5A90-ED85-4086-916B-664FF2DD9EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5FAE893-BD18-481B-A65D-D2F235571836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:11.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "599D1619-F27A-4205-972C-3B4B9578C2E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el analizador de la CLI de Web Security Appliance (WSA) de Cisco, podr\u00eda permitir a un atacante local autenticado realizar la inyecci\u00f3n de comandos y elevar los privilegios a root. El atacante necesita autenticarse con credenciales v\u00e1lidas de nivel de operador o de administrador. Productos afectados: versiones virtuales y de hardware de Web Security Appliance (WSA) de Cisco. M\u00e1s informaci\u00f3n: CSCvd88855. Versiones afectadas conocidas: 10.1.0-204. Versiones fijas conocidas: 10.5.1-270 10.1.1-234."
    }
  ],
  "id": "CVE-2017-6748",
  "lastModified": "2024-11-21T03:30:26.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T19:29:00.270",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99918"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038956"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-6748

Vulnerability from cvelistv5

gsd-2017-6748

Vulnerability from gsd

var-201707-0952

Vulnerability from variot

ghsa-r5r7-8mwx-vxq9

Vulnerability from github

cve-2017-6748

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature