CVE-2017-6751Improper Input Validation in Cisco WEB Security Appliance

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco WEB Security ApplianceCisco WEB Security ApplianceCisco WEB Security Virtual Appliance
Timeline
PublishedJul 25
Latest updateMay 13

Description

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5cisco/cisco_web_security_applianceCisco Web Security Appliance

🔴Vulnerability Details

2
GHSA
GHSA-78hh-rj37-p22v: A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward tr2022-05-13
CVEList
CVE-2017-6751: A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward tr2017-07-25

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability2017-07-19
CVE-2017-6751 — Improper Input Validation in Cisco | cvebase