cvelistv5 - cve-2017-6750

cve-2017-6750

Vulnerability from cvelistv5

Published

2017-07-25 19:00

Modified

2024-08-05 15:41

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99924	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1038958	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99924	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038958	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Cisco Web Security Appliance

Version: Cisco Web Security Appliance

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99924",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99924"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
          },
          {
            "name": "1038958",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038958"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Web Security Appliance",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Web Security Appliance"
            }
          ]
        }
      ],
      "datePublic": "2017-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Static Credentials Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "99924",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99924"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
        },
        {
          "name": "1038958",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038958"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6750",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Web Security Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Web Security Appliance"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Static Credentials Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99924",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99924"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
            },
            {
              "name": "1038958",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038958"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6750",
    "datePublished": "2017-07-25T19:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C84C8F0-4722-4385-B3CD-86E05F3D72BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79B251F2-C0EF-41A5-9318-CAB6FF8D7D5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6845F048-06E0-4F5D-A2BD-A8D856530D15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC71F9F5-B0BA-4415-A4C8-9D0B15732A54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F89E6946-5451-4A35-BD48-BA260B7928F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F88C4824-EAE3-4636-92BE-1ADF944B1EAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BA9660A-C242-4080-9B38-A819A3BBCF70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F68D77CC-8FA7-436C-9799-EB691D145C3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96C185A6-D4DE-4EA0-952D-714CCCAF2B00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69528D17-2EA4-4CF5-B2D4-26B185C66ED8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F260BF88-C6C4-41B7-BDE7-EC1CF4EFB74F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BED59A8D-41E6-448E-AEEF-91400742CC0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFF6B908-B1A0-48FC-A481-CA2AF9738BE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F432D2A9-AF00-4578-B1DC-171876CE1C39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD97A391-7E07-46EC-85D6-C17D1EB753A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"679B5A90-ED85-4086-916B-664FF2DD9EB7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en AsyncOS para Web Security Appliance (WSA) de  Cisco, podr\\u00eda permitir a un atacante local no autenticado iniciar sesi\\u00f3n en el dispositivo con los privilegios de un usuario limitado o un atacante remoto no autenticado para autenticarse en ciertas \\u00e1reas de la GUI basada en web, tambi\\u00e9n se conoce como Vulnerabilidad de Credenciales Est\\u00e1ticas. Productos afectados: versiones virtuales y de hardware de Web Security Appliance (WSA) de Cisco. M\\u00e1s informaci\\u00f3n: CSCve06124. Versiones afectadas conocidas: 10.1.0-204. Versiones fijas conocidas: 10.5.1-270.\"}]",
      "id": "CVE-2017-6750",
      "lastModified": "2024-11-21T03:30:26.727",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-25T19:29:00.333",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99924\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038958\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99924\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1188\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6750\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2017-07-25T19:29:00.333\",\"lastModified\":\"2024-11-21T03:30:26.727\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en AsyncOS para Web Security Appliance (WSA) de  Cisco, podr\u00eda permitir a un atacante local no autenticado iniciar sesi\u00f3n en el dispositivo con los privilegios de un usuario limitado o un atacante remoto no autenticado para autenticarse en ciertas \u00e1reas de la GUI basada en web, tambi\u00e9n se conoce como Vulnerabilidad de Credenciales Est\u00e1ticas. Productos afectados: versiones virtuales y de hardware de Web Security Appliance (WSA) de Cisco. M\u00e1s informaci\u00f3n: CSCve06124. Versiones afectadas conocidas: 10.1.0-204. Versiones fijas conocidas: 10.5.1-270.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C84C8F0-4722-4385-B3CD-86E05F3D72BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79B251F2-C0EF-41A5-9318-CAB6FF8D7D5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6845F048-06E0-4F5D-A2BD-A8D856530D15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC71F9F5-B0BA-4415-A4C8-9D0B15732A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F89E6946-5451-4A35-BD48-BA260B7928F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F88C4824-EAE3-4636-92BE-1ADF944B1EAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BA9660A-C242-4080-9B38-A819A3BBCF70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F68D77CC-8FA7-436C-9799-EB691D145C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96C185A6-D4DE-4EA0-952D-714CCCAF2B00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69528D17-2EA4-4CF5-B2D4-26B185C66ED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F260BF88-C6C4-41B7-BDE7-EC1CF4EFB74F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED59A8D-41E6-448E-AEEF-91400742CC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF6B908-B1A0-48FC-A481-CA2AF9738BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F432D2A9-AF00-4578-B1DC-171876CE1C39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD97A391-7E07-46EC-85D6-C17D1EB753A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"679B5A90-ED85-4086-916B-664FF2DD9EB7\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99924\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038958\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

cve-2017-6750

Vulnerability from fkie_nvd

Published

2017-07-25 19:29

Modified

2024-11-21 03:30

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/99924	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1038958	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99924	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038958	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	web_security_appliance	10.0.0-232
cisco	web_security_appliance	10.0.0-233
cisco	web_security_appliance	10.0_base
cisco	web_security_appliance	10.1.0
cisco	web_security_appliance	10.1.0-204
cisco	web_security_appliance	10.1.1-230
cisco	web_security_appliance	10.1.1-234
cisco	web_security_appliance	10.1.1-235
cisco	web_security_appliance	10.5.0
cisco	web_security_appliance	10.5.0-358
cisco	web_security_virtual_appliance	10.0.0
cisco	web_security_virtual_appliance	10.0_base
cisco	web_security_virtual_appliance	10.1.0
cisco	web_security_virtual_appliance	10.1.1
cisco	web_security_virtual_appliance	10.1_base
cisco	web_security_virtual_appliance	10.5.1
cisco	web_security_virtual_appliance	10.5_base

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C84C8F0-4722-4385-B3CD-86E05F3D72BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "79B251F2-C0EF-41A5-9318-CAB6FF8D7D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6845F048-06E0-4F5D-A2BD-A8D856530D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC71F9F5-B0BA-4415-A4C8-9D0B15732A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89E6946-5451-4A35-BD48-BA260B7928F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88C4824-EAE3-4636-92BE-1ADF944B1EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA9660A-C242-4080-9B38-A819A3BBCF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F68D77CC-8FA7-436C-9799-EB691D145C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C185A6-D4DE-4EA0-952D-714CCCAF2B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69528D17-2EA4-4CF5-B2D4-26B185C66ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "F260BF88-C6C4-41B7-BDE7-EC1CF4EFB74F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BED59A8D-41E6-448E-AEEF-91400742CC0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF6B908-B1A0-48FC-A481-CA2AF9738BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "F432D2A9-AF00-4578-B1DC-171876CE1C39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD97A391-7E07-46EC-85D6-C17D1EB753A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "679B5A90-ED85-4086-916B-664FF2DD9EB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en AsyncOS para Web Security Appliance (WSA) de  Cisco, podr\u00eda permitir a un atacante local no autenticado iniciar sesi\u00f3n en el dispositivo con los privilegios de un usuario limitado o un atacante remoto no autenticado para autenticarse en ciertas \u00e1reas de la GUI basada en web, tambi\u00e9n se conoce como Vulnerabilidad de Credenciales Est\u00e1ticas. Productos afectados: versiones virtuales y de hardware de Web Security Appliance (WSA) de Cisco. M\u00e1s informaci\u00f3n: CSCve06124. Versiones afectadas conocidas: 10.1.0-204. Versiones fijas conocidas: 10.5.1-270."
    }
  ],
  "id": "CVE-2017-6750",
  "lastModified": "2024-11-21T03:30:26.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T19:29:00.333",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99924"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038958"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2017-6750

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6750

Aliases

CVE-2017-6750

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6750",
    "description": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.",
    "id": "GSD-2017-6750"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6750"
      ],
      "details": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.",
      "id": "GSD-2017-6750",
      "modified": "2023-12-13T01:21:09.583389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6750",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Web Security Appliance",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Web Security Appliance"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Static Credentials Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99924",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99924"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
          },
          {
            "name": "1038958",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038958"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6750"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-1188"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
            },
            {
              "name": "1038958",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038958"
            },
            {
              "name": "99924",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99924"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-07-25T19:29Z"
    }
  }
}

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. Vendors have confirmed this vulnerability Bug ID CSCve06124 It is released as.Information may be tampered with. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCve06124. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. AsyncOS is an operating system that runs on it. An attacker could exploit this vulnerability by connecting to an affected system using a default account to view the system's serial number

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0954",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.0"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0.0-232"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.1-235"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5_base"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0_base"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0_base"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.1-230"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "10.1.0-204"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.1.1"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.0.0-233"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.5.0-358"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.1.1-234"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.1_base"
      },
      {
        "model": "web security the appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security virtual appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "asyncos software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.0-204"
      },
      {
        "model": "web security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5.1-270"
      },
      {
        "model": "asyncos software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5.1-270"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Jensen from Security-Assessment.com.",
    "sources": [
      {
        "db": "BID",
        "id": "99924"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6750",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6750",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114953",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6750",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6750",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-1176",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114953",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. Vendors have confirmed this vulnerability Bug ID CSCve06124 It is released as.Information may be tampered with. \nRemote attackers with knowledge of the default credentials may exploit  this vulnerability to gain unauthorized access and perform unauthorized  actions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCve06124. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. AsyncOS is an operating system that runs on it. An attacker could exploit this vulnerability by connecting to an affected system using a default account to view the system\u0027s serial number",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "BID",
        "id": "99924"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114953"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6750",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "99924",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038958",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114953",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114953"
      },
      {
        "db": "BID",
        "id": "99924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "id": "VAR-201707-0954",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114953"
      }
    ],
    "trust": 0.69216826
  },
  "last_update_date": "2023-12-18T13:48:31.884000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170719-wsa4",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa4"
      },
      {
        "title": "Cisco Web Security Appliance AsyncOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=72021"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1188",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa4"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99924"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038958"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6750"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6750"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114953"
      },
      {
        "db": "BID",
        "id": "99924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114953"
      },
      {
        "db": "BID",
        "id": "99924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114953"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99924"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "date": "2017-07-25T19:29:00.333000",
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "date": "2017-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114953"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99924"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-6750"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Web Security Appliance Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006450"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1176"
      }
    ],
    "trust": 0.6
  }
}

ghsa-8hj4-pmp7-hg69

Vulnerability from github

Published

2022-05-13 01:46

Modified

2022-05-13 01:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-25T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.",
  "id": "GHSA-8hj4-pmp7-hg69",
  "modified": "2022-05-13T01:46:46Z",
  "published": "2022-05-13T01:46:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6750"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99924"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038958"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-6750

Vulnerability from cvelistv5

cve-2017-6750

Vulnerability from fkie_nvd

gsd-2017-6750

Vulnerability from gsd

var-201707-0954

Vulnerability from variot

ghsa-8hj4-pmp7-hg69

Vulnerability from github

Tags

Sightings

Nomenclature