CVE-2017-18001

CRITICAL

Trustwave Secure Web Gateway <= 11.8.0.27 - Unauthenticated SSH Key Injection via /sendKey PublicKey Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-18001. PoCs published by SecuriTeam.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated SSH key injection vulnerability in Trustwave SWG 11.8.0.27, allowing an attacker to add their own SSH key via a POST request to /sendKey and gain root access via a privileged script.

Description

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.

Exploits (1)

exploitdb WORKING POC
by SecuriTeam · remote · linux
https://www.exploit-db.com/exploits/44047

Classification: Working PoC (100%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Trustwave Secure Web Gateway (SWG) 11.8.0.27
Authentication: No auth needed
Prerequisites: Network access to the target device on port 5222
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Dec/88
Exploit, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3550
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44047/

Scores

CVSS v3: 9.8
EPSS: 0.1371
EPSS Percentile: 96.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-306
Status: published
Products (1): trustwave/secure_web_gateway < 11.8.0.27
Published: Dec 31, 2017
Tracked Since: Feb 18, 2026