Vulnerability Details CVE-2017-6750
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/99924
- http://www.securitytracker.com/id/1038958
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4
- http://www.securityfocus.com/bid/99924
- http://www.securitytracker.com/id/1038958
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4
Products affected by CVE-2017-6750
-
cpe:2.3:a:cisco:web_security_appliance:10.0.0-232
-
cpe:2.3:a:cisco:web_security_appliance:10.0.0-233
-
cpe:2.3:a:cisco:web_security_appliance:10.0_base
-
cpe:2.3:a:cisco:web_security_appliance:10.1.0
-
cpe:2.3:a:cisco:web_security_appliance:10.1.0-204
-
cpe:2.3:a:cisco:web_security_appliance:10.1.1-230
-
cpe:2.3:a:cisco:web_security_appliance:10.1.1-234
-
cpe:2.3:a:cisco:web_security_appliance:10.1.1-235
-
cpe:2.3:a:cisco:web_security_appliance:10.5.0
-
cpe:2.3:a:cisco:web_security_appliance:10.5.0-358
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.0_base
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1_base
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.5_base