CVE-2019-1816

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 69.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco WEB Security Appliance (wsa)Cisco WEB Security Appliance
Timeline
PublishedMay 3
Latest updateMay 24

Description

A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-line interface. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_web_security_appliance_(wsa)unspecified10.1.4-017+3

🔴Vulnerability Details

2
GHSA
GHSA-846c-pcw3-c872: A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform co2022-05-24
CVEList
Cisco Web Security Appliance Privilege Escalation Vulnerability2019-05-03

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance Privilege Escalation Vulnerability2019-05-01
CVE-2019-1816 (HIGH CVSS 7.8) | A vulnerability in the log subscrip | cvebase.io