CVE-2015-0692 — Cisco WEB Security Appliance vulnerability

CWE-2644 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 73.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco WEB Security Appliance

Timeline

PublishedApr 11

Latest updateMay 17

Description

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/web_security_appliance8.5_base

🔴Vulnerability Details

GHSA

GHSA-79m9-mggg-xpg9: Cisco Web Security Appliance (WSA) devices with software 8↗2022-05-17

▶

CVEList

CVE-2015-0692: Cisco Web Security Appliance (WSA) devices with software 8↗2015-04-11

▶

📋Vendor Advisories

Cisco

Cisco Web Security Appliance Pickle Python Module Arbitrary Code Execution Vulnerability↗2015-04-10

▶