CVE-2017-6750

Published Jul 25, 2017

Last updated 5 years ago

CVSS high 7.5

Overview

Description: A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-1188

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0.0-233:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C84C8F0-4722-4385-B3CD-86E05F3D72BA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.0_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79B251F2-C0EF-41A5-9318-CAB6FF8D7D5E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6845F048-06E0-4F5D-A2BD-A8D856530D15"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC71F9F5-B0BA-4415-A4C8-9D0B15732A54"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-230:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F89E6946-5451-4A35-BD48-BA260B7928F3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-234:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F88C4824-EAE3-4636-92BE-1ADF944B1EAC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.1.1-235:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BA9660A-C242-4080-9B38-A819A3BBCF70"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F68D77CC-8FA7-436C-9799-EB691D145C3C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:10.5.0-358:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96C185A6-D4DE-4EA0-952D-714CCCAF2B00"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69528D17-2EA4-4CF5-B2D4-26B185C66ED8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F260BF88-C6C4-41B7-BDE7-EC1CF4EFB74F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BED59A8D-41E6-448E-AEEF-91400742CC0B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFF6B908-B1A0-48FC-A481-CA2AF9738BE0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F432D2A9-AF00-4578-B1DC-171876CE1C39"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD97A391-7E07-46EC-85D6-C17D1EB753A1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "679B5A90-ED85-4086-916B-664FF2DD9EB7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References