Description
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99877
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038948
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1
Scores
CVSS v3
7.2
EPSS
0.0440
EPSS Percentile
90.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (12)
cisco/web_security_appliance
10.0.0-233
cisco/web_security_appliance
10.0_base
cisco/web_security_appliance
10.1.0
cisco/web_security_appliance
10.1.0-204
cisco/web_security_appliance
10.1.1-230
cisco/web_security_appliance
10.1.1-234
cisco/web_security_appliance
10.5.0
cisco/web_security_appliance
10.5.0-358
cisco/web_security_appliance
11.0.0
cisco/web_security_appliance
11.0.0-613
... and 2 more
Published
Jul 25, 2017
Tracked Since
Feb 18, 2026