cvelistv5 - cve-2017-6751

CVE-2017-6751 (GCVE-0-2017-6751)

Vulnerability from cvelistv5 – Published: 2017-07-25 19:00 – Updated: 2024-08-05 15:41

Summary

Severity ?

No CVSS data available.

CWE

Access Control Bypass Vulnerability

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/99967	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038959	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Web Security Appliance	Affected: Cisco Web Security Appliance

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99967",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
          },
          {
            "name": "1038959",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038959"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Web Security Appliance",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Web Security Appliance"
            }
          ]
        }
      ],
      "datePublic": "2017-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Access Control Bypass Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "99967",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
        },
        {
          "name": "1038959",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038959"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6751",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Web Security Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Web Security Appliance"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Access Control Bypass Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99967",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99967"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
            },
            {
              "name": "1038959",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038959"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6751",
    "datePublished": "2017-07-25T19:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5BF001A-7ADB-4976-8A50-0EFC53FB6AEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AD5471D-6A95-4BF2-9ECB-3F7AE74BCE57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:9.0.0-485:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72CE42EB-F7F1-4F68-BFCF-B452A2C0AC13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C84C8F0-4722-4385-B3CD-86E05F3D72BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC71F9F5-B0BA-4415-A4C8-9D0B15732A54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:9.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CAE1AB3-224F-473D-8E41-DF641CFBF864\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69528D17-2EA4-4CF5-B2D4-26B185C66ED8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BED59A8D-41E6-448E-AEEF-91400742CC0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFF6B908-B1A0-48FC-A481-CA2AF9738BE0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la funcionalidad proxy web de Cisco Web Security Appearance (WSA) podr\\u00eda permitir que un atacante remoto no autenticado redirija tr\\u00e1fico de la interfaz proxy web de un dispositivo afectado a una interfaz de administraci\\u00f3n de un dispositivo afectado. Esta vulnerabilidad tambi\\u00e9n se conoce como \\\"Access Control Bypass Vulnerability\\\". Productos afectados: versiones de hardware y virtuales de Cisco Web Security Appliance (WSA). M\\u00e1s informaci\\u00f3n: CSCvd88863. Versiones afectadas conocidas: 10.1.0-204 9.0.0-485.\"}]",
      "id": "CVE-2017-6751",
      "lastModified": "2024-11-21T03:30:26.850",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-25T19:29:00.363",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99967\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038959\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99967\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038959\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6751\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2017-07-25T19:29:00.363\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la funcionalidad proxy web de Cisco Web Security Appearance (WSA) podr\u00eda permitir que un atacante remoto no autenticado redirija tr\u00e1fico de la interfaz proxy web de un dispositivo afectado a una interfaz de administraci\u00f3n de un dispositivo afectado. Esta vulnerabilidad tambi\u00e9n se conoce como \\\"Access Control Bypass Vulnerability\\\". Productos afectados: versiones de hardware y virtuales de Cisco Web Security Appliance (WSA). M\u00e1s informaci\u00f3n: CSCvd88863. Versiones afectadas conocidas: 10.1.0-204 9.0.0-485.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5BF001A-7ADB-4976-8A50-0EFC53FB6AEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AD5471D-6A95-4BF2-9ECB-3F7AE74BCE57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:9.0.0-485:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72CE42EB-F7F1-4F68-BFCF-B452A2C0AC13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C84C8F0-4722-4385-B3CD-86E05F3D72BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC71F9F5-B0BA-4415-A4C8-9D0B15732A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:9.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CAE1AB3-224F-473D-8E41-DF641CFBF864\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69528D17-2EA4-4CF5-B2D4-26B185C66ED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED59A8D-41E6-448E-AEEF-91400742CC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF6B908-B1A0-48FC-A481-CA2AF9738BE0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99967\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038959\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038959\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-6751

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6751

Aliases

CVE-2017-6751

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6751",
    "description": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.",
    "id": "GSD-2017-6751"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6751"
      ],
      "details": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.",
      "id": "GSD-2017-6751",
      "modified": "2023-12-13T01:21:09.845346Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6751",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Web Security Appliance",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Web Security Appliance"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Access Control Bypass Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99967",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99967"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
          },
          {
            "name": "1038959",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038959"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-485:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6751"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
            },
            {
              "name": "1038959",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038959"
            },
            {
              "name": "99967",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99967"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-04-05T17:57Z",
      "publishedDate": "2017-07-25T19:29Z"
    }
  }
}

VAR-201707-0955

Vulnerability from variot - Updated: 2023-12-18 12:51

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. Vendors have confirmed this vulnerability Bug ID CSCvd88863 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvd88863. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0955",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.1"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.1.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0.0-193"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0.0-232"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0.0-162"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0.0"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "9.0.0-485"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "10.1.0-204"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.0.0-233"
      },
      {
        "model": "web security the appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security virtual appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "10.0_base"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9.0_base"
      },
      {
        "model": "web security virtual appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "10.0_base"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0.0-641"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5.1-270"
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.1.1-235"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-485:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Jensen of Security-Assessment.com.",
    "sources": [
      {
        "db": "BID",
        "id": "99967"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6751",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6751",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114954",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6751",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6751",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-1234",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114954",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. Vendors have confirmed this vulnerability Bug ID CSCvd88863 It is released as.Information may be tampered with. \nAn attacker can exploit this issue to bypass security restrictions and  perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCvd88863. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "db": "BID",
        "id": "99967"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114954"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6751",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "99967",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038959",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114954",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114954"
      },
      {
        "db": "BID",
        "id": "99967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ]
  },
  "id": "VAR-201707-0955",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114954"
      }
    ],
    "trust": 0.54624132
  },
  "last_update_date": "2023-12-18T12:51:10.700000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170719-wsa5",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa5"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa5"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99967"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038959"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6751"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6751"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114954"
      },
      {
        "db": "BID",
        "id": "99967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114954"
      },
      {
        "db": "BID",
        "id": "99967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114954"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99967"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "date": "2017-07-25T19:29:00.363000",
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114954"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99967"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      },
      {
        "date": "2021-04-05T17:57:43.040000",
        "db": "NVD",
        "id": "CVE-2017-6751"
      },
      {
        "date": "2021-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Web Security Appliance Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006451"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1234"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-6751

Vulnerability from fkie_nvd - Published: 2017-07-25 19:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/99967	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038959	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99967	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038959	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	web_security_appliance	9.0.0-162
cisco	web_security_appliance	9.0.0-193
cisco	web_security_appliance	9.0.0-485
cisco	web_security_appliance	10.0.0-232
cisco	web_security_appliance	10.0.0-233
cisco	web_security_appliance	10.1.0-204
cisco	web_security_virtual_appliance	9.0.0
cisco	web_security_virtual_appliance	10.0.0
cisco	web_security_virtual_appliance	10.1.0
cisco	web_security_virtual_appliance	10.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BF001A-7ADB-4976-8A50-0EFC53FB6AEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AD5471D-6A95-4BF2-9ECB-3F7AE74BCE57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-485:*:*:*:*:*:*:*",
              "matchCriteriaId": "72CE42EB-F7F1-4F68-BFCF-B452A2C0AC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C84C8F0-4722-4385-B3CD-86E05F3D72BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC71F9F5-B0BA-4415-A4C8-9D0B15732A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:9.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CAE1AB3-224F-473D-8E41-DF641CFBF864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69528D17-2EA4-4CF5-B2D4-26B185C66ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BED59A8D-41E6-448E-AEEF-91400742CC0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF6B908-B1A0-48FC-A481-CA2AF9738BE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad proxy web de Cisco Web Security Appearance (WSA) podr\u00eda permitir que un atacante remoto no autenticado redirija tr\u00e1fico de la interfaz proxy web de un dispositivo afectado a una interfaz de administraci\u00f3n de un dispositivo afectado. Esta vulnerabilidad tambi\u00e9n se conoce como \"Access Control Bypass Vulnerability\". Productos afectados: versiones de hardware y virtuales de Cisco Web Security Appliance (WSA). M\u00e1s informaci\u00f3n: CSCvd88863. Versiones afectadas conocidas: 10.1.0-204 9.0.0-485."
    }
  ],
  "id": "CVE-2017-6751",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T19:29:00.363",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99967"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038959"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-26108

Vulnerability from cnvd - Published: 2017-09-11

Title

Cisco Web Security Appliance未授权访问漏洞

Description

Cisco Web Security Appliance是美国思科（Cisco）公司的一套Web安全设备。 Cisco Web Security Appliance Web proxy功能存在访问限制绕过漏洞，允许远程攻击者利用漏洞提交特殊的请求，访问administrative管理界面。

Severity

中

Patch Name

Cisco Web Security Appliance未授权访问漏洞的补丁

Patch Description

Cisco Web Security Appliance是美国思科（Cisco）公司的一套Web安全设备。 Cisco Web Security Appliance Web proxy功能存在访问限制绕过漏洞，允许远程攻击者利用漏洞提交特殊的请求，访问administrative管理界面。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-6751

Impacted products

Name
['Cisco Web Security Appliance 10.1.0-204', 'Cisco Web Security Appliance 9.0.0-485', 'Cisco Web Security Appliance 11.0.0-641', 'Cisco Web Security Appliance 10.5.1-270', 'Cisco Web Security Appliance 10.1.1-235']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99967"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6751"
    }
  },
  "description": "Cisco Web Security Appliance\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002\r\n\r\nCisco Web Security Appliance Web proxy\u529f\u80fd\u5b58\u5728\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u8bbf\u95eeadministrative\u7ba1\u7406\u754c\u9762\u3002",
  "discovererName": "Daniel Jensen of Security-Assessment.com",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-26108",
  "openTime": "2017-09-11",
  "patchDescription": "Cisco Web Security Appliance\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u8bbe\u5907\u3002\r\n\r\nCisco Web Security Appliance Web proxy\u529f\u80fd\u5b58\u5728\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u8bbf\u95eeadministrative\u7ba1\u7406\u754c\u9762\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Web Security Appliance\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Web Security Appliance 10.1.0-204",
      "Cisco Web Security Appliance 9.0.0-485",
      "Cisco Web Security Appliance 11.0.0-641",
      "Cisco Web Security Appliance 10.5.1-270",
      "Cisco Web Security Appliance 10.1.1-235"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6751",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-26",
  "title": "Cisco Web Security Appliance\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

GHSA-78HH-RJ37-P22V

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-25T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.",
  "id": "GHSA-78hh-rj37-p22v",
  "modified": "2022-05-13T01:11:16Z",
  "published": "2022-05-13T01:11:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6751"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99967"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038959"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6751 (GCVE-0-2017-6751)

GSD-2017-6751

VAR-201707-0955

FKIE_CVE-2017-6751

CNVD-2017-26108

GHSA-78HH-RJ37-P22V

Tags

Sightings

Nomenclature