SB2017071911 - Multiple vulnerabilities in Cisco Web Security Appliance


Published: July 19, 2017

Security Bulletin ID SB2017071911
Severity Low
Patch available YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Command injection (CVE-ID: CVE-2017-6748)

The vulnerability allows a local authenticated attacker to execute arbitrary commands with elevated privileges on the target system.

The weakness exists due to insufficient validation of user-supplied input in the CLI parser. A local attacker can authenticate to the target device, perform command injection over the CLI, escape from the CLI subshell and execute system-level commands on the underlying operating system as root.

2) Improper input validation (CVE-ID: CVE-2017-6751)

The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.

The weakness exists in the web proxy functionality due to failure to deny traffic that is forwarded from the web proxy interface to the administrative management interface of a device. A remote attacker can send a specially crafted stream of HTTP or HTTPS traffic to the web proxy interface and reach the administrative management interface although the traffic should have been dropped.

3) Credentials management (CVE-ID: CVE-2017-6750)

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a user account that has a default and static password. A local attacker can connect to the target system using this default account, log in with the default credentials and view the system's serial number by using the CLI or download reports by using the web interface.

4) Cross-site scripting (CVE-ID: CVE-2017-6749)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists in the web-based management interface due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


Remediation

Install the update from the vendor's website.