CVE-2017-18001

CRITICAL

Trustwave Secure Web Gateway < 11.8.0.27 - Missing Authentication

Title source: rule

Description

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.

Exploits (1)

exploitdb WORKING POC

by SecuriTeam · remotelinux

https://www.exploit-db.com/exploits/44047

View Code ZIP pw:eip

References (4)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Dec/88

[Exploit, Third Party Advisory] https://blogs.securiteam.com/index.php/archives/3550

[Vendor Advisory] https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/44047/

Scores

CVSS v3 9.8

EPSS 0.2085

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (1)

trustwave/secure_web_gateway < 11.8.0.27

Published Dec 31, 2017

Tracked Since Feb 18, 2026