CVE-2017-6750

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4	Vendor Advisory
http://www.securitytracker.com/id/1038958	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/99924	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:::::::*
	cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.1.0:::::::*
	cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:::::::*
	cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.5.0:::::::*
	cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:::::::*
	cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:::::::*
	cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:::::::*
	cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:::::::*
	cpe:2.3:a:cisco:web_security_appliance:10.0_base:::::::*

Information

Published : 2017-07-25 12:29

Updated : 2019-10-02 17:03

NVD link : CVE-2017-6750

Mitre link : CVE-2017-6750

JSON object : View

CWE

CWE-1188

Insecure Default Initialization of Resource

Products Affected

cisco

web_security_virtual_appliance
web_security_appliance

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2017-6750

7.5^/10

5.0^/10

Attach tags to `CVE-2017-6750`