Detections
Analytics
Cisco Web Security Appliance Multiple Vulnerabilities
high Nessus Plugin ID 102018
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, the remote Cisco Web Security Appliance (WSA) device is affected by one or more vulnerabilities :- An unspecified flaw exists in the web-based interface due to improper validation of user-supplied input. An authenticated, remote attacker who has valid administrator credentials can exploit this vulnerability to inject arbitrary commands and thereby elevate privileges from administrator to root. (CVE-2017-6746)
- An unspecified flaw exists in the CLI parser due to improper sanitization of user-supplied input. A local attacker can exploit this to inject arbitrary commands and thereby escape the CLI subshell and gain root privileges. (CVE-2017-6748)
- A stored cross-site scripting (XSS) vulnerability exists in the web-based management interface due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to execute arbitrary script code in a user's browser session. (CVE-2017-6749)
- A security vulnerability exists due to WSA being installed with a user account that has a default and static password. An unauthenticated, remote attacker can exploit this to gain privileged access to certain portions of the web-based management interface, allowing the attacker to download reports or disclose the device's serial number. (CVE-2017-6750)
- A security bypass vulnerability exists in the web proxy functionality due to a failure to deny traffic that is forwarded from the web proxy interface to the administrative management interface of a device. An unauthenticated, remote attacker can exploit this issue to bypass access restrictions by sending a specially crafted stream of HTTP or HTTPS traffic to the web proxy interface of an affected device. (CVE-2017-6451)
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvd88862, CSCvd88855, CSCvd88865, CSCve06124, and CSCvd88863.See Also
http://www.nessus.org/u?142f72cc
http://www.nessus.org/u?31a4794a
http://www.nessus.org/u?5fe44129
http://www.nessus.org/u?2c672cb4
http://www.nessus.org/u?0048c64e
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88862
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88855
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88865
Plugin Details
Severity: High
ID: 102018
File Name: cisco-sa-20170719-wsa1-5.nasl
Version: 1.7
Type: local
Family: CISCO
Published: 7/27/2017
Updated: 5/20/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2017-6746
CVSS v3
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:asyncos, cpe:/o:cisco:web_security_appliance, cpe:/a:cisco:web_security_appliance, cpe:/h:cisco:web_security_appliance
Required KB Items: Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Web Security Appliance/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 7/19/2017
Vulnerability Publication Date: 7/19/2017
Reference Information
CVE: CVE-2017-6746, CVE-2017-6748, CVE-2017-6749, CVE-2017-6750, CVE-2017-6751
BID: 99875, 99877, 99918, 99924
CISCO-SA: cisco-sa-20170719-wsa1, cisco-sa-20170719-wsa2, cisco-sa-20170719-wsa3, cisco-sa-20170719-wsa4, cisco-sa-20170719-wsa5
CISCO-BUG-ID: CSCvd88855, CSCvd88862, CSCvd88863, CSCvd88865, CSCve06124