CVE-2015-6298 — OS Command Injection in Cisco WEB Security Appliance

CWE-78 — OS Command Injection4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
0.4%
top 40.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco WEB Security Appliance
Timeline
PublishedNov 6
Latest updateMay 17

Description

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

â–¶NVDcisco/web_security_appliance8.5.0-497

🔴Vulnerability Details

2
GHSA
GHSA-hrmr-gjhm-hc4x: The admin web interface in Cisco AsyncOS 8↗2022-05-17
â–¶
CVEList
CVE-2015-6298: The admin web interface in Cisco AsyncOS 8↗2015-11-06
â–¶

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability↗2015-11-04
â–¶
CVE-2015-6298 — OS Command Injection in Cisco | cvebase