CVE-2015-6298

Cisco Web Security Appliance AsyncOS OS Command Injection via Certificate Generation

Title source: llm
STIX 2.1

Description

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034059

Scores

EPSS 0.0166
EPSS Percentile 73.7%

Details

CWE
CWE-78
Status published
Products (1)
cisco/web_security_appliance 8.5.0-497
Published Nov 06, 2015
Tracked Since Feb 18, 2026