CVE-2017-6750 — Initialization of a Resource with an Insecure Default in Cisco WEB Security Appliance

CWE-1188 — Initialization of a Resource with an Insecure Default CWE-2554 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 26.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco WEB Security Appliance Cisco WEB Security Appliance Cisco WEB Security Virtual Appliance

Timeline

PublishedJul 25

Latest updateMay 13

Description

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/web_security_virtual_appliance7 versions+6

▶NVDcisco/web_security_appliance10 versions+9

▶CVEListV5cisco/cisco_web_security_applianceCisco Web Security Appliance

🔴Vulnerability Details

GHSA

GHSA-8hj4-pmp7-hg69: A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the↗2022-05-13

▶

CVEList

CVE-2017-6750: A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the↗2017-07-25

▶

📋Vendor Advisories

Cisco

Cisco Web Security Appliance Static Credentials Vulnerability↗2017-07-19

▶