Vulnerability Details CVE-2017-6749
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www.securityfocus.com/bid/99875
- http://www.securitytracker.com/id/1038957
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa3
- http://www.securityfocus.com/bid/99875
- http://www.securitytracker.com/id/1038957
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa3
Products affected by CVE-2017-6749
-
cpe:2.3:a:cisco:web_security_appliance:10.0.0-232
-
cpe:2.3:a:cisco:web_security_appliance:10.0.0-233
-
cpe:2.3:a:cisco:web_security_appliance:10.0_base
-
cpe:2.3:a:cisco:web_security_appliance:10.1.0
-
cpe:2.3:a:cisco:web_security_appliance:10.1.0-204
-
cpe:2.3:a:cisco:web_security_appliance:10.1.1-230
-
cpe:2.3:a:cisco:web_security_appliance:10.1.1-234
-
cpe:2.3:a:cisco:web_security_appliance:10.1.1-235
-
cpe:2.3:a:cisco:web_security_appliance:10.5.0
-
cpe:2.3:a:cisco:web_security_appliance:10.5.0-358
-
cpe:2.3:a:cisco:web_security_appliance:10.5.1-270
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base