ID
VAR-201511-0009
CVE
CVE-2015-6298
TITLE
Cisco Web Security Runs on the appliance device AsyncOS Management Web In the interface root Privileged vulnerability
Trust: 0.8
DESCRIPTION
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. Vendors have confirmed this vulnerability Bug ID CSCus83445 It is released as.Through a crafted certificate generation argument by a remotely authenticated user, root You may get permission. A remote attacker can exploit this vulnerability to obtain root privileges through a specially crafted certificate-generation parameter. This issue is being tracked by Cisco bug ID CSCus83445
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.5.0-497 | Trust: 1.6 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.7.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.5.3-051 | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.8.0-085 | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.7.0-171-ld | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.0.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.1.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.5.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.8.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.6.x | Trust: 0.8 |
| vendor: | cisco | model: | web security the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.0.8-113 | Trust: 0.8 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.x(<8.0.8-113) | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.1.x | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.5.x(<8.5.3-051) | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.6.x | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.7.x | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.8.x(<8.8.0-085) | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.8 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.7 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.6 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.5 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.1 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | ne | version: | 8.8.0-085 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance 8.7.0-171-ld | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | ne | version: | 8.5.3-051 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | ne | version: | 8.0.8-113 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
operating system commend injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20151104-wsa | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa | Trust: 0.8 |
| title: | Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/66504 | Trust: 0.6 |
| title: | Cisco Email Security Appliance AsyncOS Fixes for operating system command injection vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58601 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6298 | Trust: 3.4 |
| db: | SECTRACK | id: | 1034059 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-005768 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201511-106 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-07469 | Trust: 0.6 |
| db: | BID | id: | 77433 | Trust: 0.4 |
| db: | SEEBUG | id: | SSVID-89770 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-84259 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-wsa | Trust: 2.6 |
| url: | http://www.securitytracker.com/id/1034059 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6298 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6298 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2015-07469 |
| db: | VULHUB | id: | VHN-84259 |
| db: | BID | id: | 77433 |
| db: | JVNDB | id: | JVNDB-2015-005768 |
| db: | CNNVD | id: | CNNVD-201511-106 |
| db: | NVD | id: | CVE-2015-6298 |
LAST UPDATE DATE
2024-11-23T22:42:26.847000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-07469 | date: | 2015-11-12T00:00:00 |
| db: | VULHUB | id: | VHN-84259 | date: | 2016-12-07T00:00:00 |
| db: | BID | id: | 77433 | date: | 2015-11-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005768 | date: | 2015-11-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-106 | date: | 2015-11-09T00:00:00 |
| db: | NVD | id: | CVE-2015-6298 | date: | 2024-11-21T02:34:43.693 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-07469 | date: | 2015-11-12T00:00:00 |
| db: | VULHUB | id: | VHN-84259 | date: | 2015-11-06T00:00:00 |
| db: | BID | id: | 77433 | date: | 2015-11-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005768 | date: | 2015-11-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-106 | date: | 2015-11-09T00:00:00 |
| db: | NVD | id: | CVE-2015-6298 | date: | 2015-11-06T11:59:03.730 |