CVE-2015-6298
Cisco Web Security Appliance AsyncOS OS Command Injection via Certificate Generation
Title source: llmDescription
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034059
Scores
EPSS
0.0166
EPSS Percentile
73.7%
Details
CWE
CWE-78
Status
published
Products (1)
cisco/web_security_appliance
8.5.0-497
Published
Nov 06, 2015
Tracked Since
Feb 18, 2026