Details of VAR-201707-0954

ID

VAR-201707-0954

CVE

CVE-2017-6750

TITLE

Cisco Web Security Appliance Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-006450

DESCRIPTION

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. Vendors have confirmed this vulnerability Bug ID CSCve06124 It is released as.Information may be tampered with. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCve06124. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. AsyncOS is an operating system that runs on it. An attacker could exploit this vulnerability by connecting to an affected system using a default account to view the system's serial number

Trust: 1.98

sources: NVD: CVE-2017-6750 // JVNDB: JVNDB-2017-006450 // BID: 99924 // VULHUB: VHN-114953

AFFECTED PRODUCTS

vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.1.1-235	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.0_base	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.0.0-232	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.0_base	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.1.1-230	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.5_base	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.0.0	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.5.1	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.1.0-204	Trust: 1.3
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.1.1-234	Trust: 1.0
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.1_base	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.0.0-233	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.5.0	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.5.0-358	Trust: 1.0
vendor:	cisco	model:	web security the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	web security virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asyncos software	scope:	eq	version:	10.1.0-204	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	ne	version:	10.5.1-270	Trust: 0.3
vendor:	cisco	model:	asyncos software	scope:	ne	version:	10.5.1-270	Trust: 0.3

sources: BID: 99924 // JVNDB: JVNDB-2017-006450 // CNNVD: CNNVD-201707-1176 // NVD: CVE-2017-6750

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6750
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6750
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201707-1176
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114953
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6750
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114953
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6750
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114953 // JVNDB: JVNDB-2017-006450 // CNNVD: CNNVD-201707-1176 // NVD: CVE-2017-6750

PROBLEMTYPE DATA

problemtype:	CWE-1188	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-114953 // JVNDB: JVNDB-2017-006450 // NVD: CVE-2017-6750

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1176

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-1176

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006450

PATCH

title:	cisco-sa-20170719-wsa4	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4	Trust: 0.8
title:	Cisco Web Security Appliance AsyncOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72021	Trust: 0.6

sources: JVNDB: JVNDB-2017-006450 // CNNVD: CNNVD-201707-1176

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6750	Trust: 2.8
db:	BID	id:	99924	Trust: 2.0
db:	SECTRACK	id:	1038958	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-006450	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-1176	Trust: 0.7
db:	VULHUB	id:	VHN-114953	Trust: 0.1

sources: VULHUB: VHN-114953 // BID: 99924 // JVNDB: JVNDB-2017-006450 // CNNVD: CNNVD-201707-1176 // NVD: CVE-2017-6750

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa4	Trust: 2.0
url:	http://www.securityfocus.com/bid/99924	Trust: 1.7
url:	http://www.securitytracker.com/id/1038958	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6750	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6750	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html	Trust: 0.3

sources: VULHUB: VHN-114953 // BID: 99924 // JVNDB: JVNDB-2017-006450 // CNNVD: CNNVD-201707-1176 // NVD: CVE-2017-6750

CREDITS

Daniel Jensen from Security-Assessment.com.

Trust: 0.9

sources: BID: 99924 // CNNVD: CNNVD-201707-1176

SOURCES

db:	VULHUB	id:	VHN-114953
db:	BID	id:	99924
db:	JVNDB	id:	JVNDB-2017-006450
db:	CNNVD	id:	CNNVD-201707-1176
db:	NVD	id:	CVE-2017-6750

LAST UPDATE DATE

2024-11-23T23:02:23.083000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114953	date:	2019-10-03T00:00:00
db:	BID	id:	99924	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-006450	date:	2017-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-1176	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6750	date:	2024-11-21T03:30:26.727

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114953	date:	2017-07-25T00:00:00
db:	BID	id:	99924	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-006450	date:	2017-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-1176	date:	2017-07-27T00:00:00
db:	NVD	id:	CVE-2017-6750	date:	2017-07-25T19:29:00.333