CVE-2015-0693Improper Input Validation in Cisco WEB Security Appliance

CWE-20Improper Input Validation4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 73.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco WEB Security Appliance
Timeline
PublishedApr 15
Latest updateMay 17

Description

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xhwq-qc65-7mcj: Cisco Web Security Appliance (WSA) devices with software 82022-05-17
CVEList
CVE-2015-0693: Cisco Web Security Appliance (WSA) devices with software 82015-04-15

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance Python File Processing Privilege Escalation Vulnerability2015-04-13
CVE-2015-0693 — Improper Input Validation in Cisco | cvebase