Details of VAR-201707-0955

ID

VAR-201707-0955

CVE

CVE-2017-6751

TITLE

Cisco Web Security Appliance Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006451

DESCRIPTION

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. Vendors have confirmed this vulnerability Bug ID CSCvd88863 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvd88863. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation

Trust: 1.98

sources: NVD: CVE-2017-6751 // JVNDB: JVNDB-2017-006451 // BID: 99967 // VULHUB: VHN-114954

AFFECTED PRODUCTS

vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.0.0-232	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	9.0.0	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	9.0.0-162	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	9.0.0-193	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.0.0	Trust: 1.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	9.0.0-485	Trust: 1.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.1.0-204	Trust: 1.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.0.0-233	Trust: 1.0
vendor:	cisco	model:	web security the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	web security virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.0_base	Trust: 0.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	9.0_base	Trust: 0.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	10.0_base	Trust: 0.6
vendor:	cisco	model:	web security appliance	scope:	eq	version:	11.0.0-641	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.5.1-270	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	10.1.1-235	Trust: 0.3

sources: BID: 99967 // JVNDB: JVNDB-2017-006451 // CNNVD: CNNVD-201707-1234 // NVD: CVE-2017-6751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6751
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6751
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201707-1234
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114954
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6751
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114954
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6751
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2017-6751
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-114954 // JVNDB: JVNDB-2017-006451 // CNNVD: CNNVD-201707-1234 // NVD: CVE-2017-6751

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-114954 // JVNDB: JVNDB-2017-006451 // NVD: CVE-2017-6751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1234

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201707-1234

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006451

PATCH

title:

cisco-sa-20170719-wsa5

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5

Trust: 0.8

sources: JVNDB: JVNDB-2017-006451

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6751	Trust: 2.8
db:	BID	id:	99967	Trust: 2.0
db:	SECTRACK	id:	1038959	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-006451	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-1234	Trust: 0.7
db:	VULHUB	id:	VHN-114954	Trust: 0.1

sources: VULHUB: VHN-114954 // BID: 99967 // JVNDB: JVNDB-2017-006451 // CNNVD: CNNVD-201707-1234 // NVD: CVE-2017-6751

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa5	Trust: 2.0
url:	http://www.securityfocus.com/bid/99967	Trust: 1.7
url:	http://www.securitytracker.com/id/1038959	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6751	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6751	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-114954 // BID: 99967 // JVNDB: JVNDB-2017-006451 // CNNVD: CNNVD-201707-1234 // NVD: CVE-2017-6751

CREDITS

Daniel Jensen of Security-Assessment.com.

Trust: 0.3

sources: BID: 99967

SOURCES

db:	VULHUB	id:	VHN-114954
db:	BID	id:	99967
db:	JVNDB	id:	JVNDB-2017-006451
db:	CNNVD	id:	CNNVD-201707-1234
db:	NVD	id:	CVE-2017-6751

LAST UPDATE DATE

2024-11-23T22:07:18.871000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114954	date:	2017-07-31T00:00:00
db:	BID	id:	99967	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-006451	date:	2017-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-1234	date:	2021-04-06T00:00:00
db:	NVD	id:	CVE-2017-6751	date:	2024-11-21T03:30:26.850

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114954	date:	2017-07-25T00:00:00
db:	BID	id:	99967	date:	2017-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-006451	date:	2017-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201707-1234	date:	2017-07-26T00:00:00
db:	NVD	id:	CVE-2017-6751	date:	2017-07-25T19:29:00.363