VAR-201707-0961
Vulnerability from variot - Updated: 2025-04-20 23:30A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235. Vendors have confirmed this vulnerability Bug ID CSCvd88862 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvd88862. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. AsyncOS Software is an operating system used in it. The following releases are affected: Cisco AsyncOS Software Release 11.0, Release 10.5, Release 10.1.0-204, Release 10.1, Release 10.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0961",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.0.0-613"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1.0-204"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1.1-234"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-233"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1.1-230"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.5.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.0.0-641"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.5.0-358"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0.0"
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.0-204"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "asyncos software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5.1-270"
},
{
"model": "asyncos software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.1-235"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "BID",
"id": "99877"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
},
{
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Jensen from Security-Assessment.com",
"sources": [
{
"db": "BID",
"id": "99877"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6746",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-6746",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-18232",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-114949",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2017-6746",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6746",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6746",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-18232",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1174",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114949",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "VULHUB",
"id": "VHN-114949"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
},
{
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235. Vendors have confirmed this vulnerability Bug ID CSCvd88862 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. This may aid in further attacks. \nThis issue is being tracked by Cisco bug ID CSCvd88862. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. AsyncOS Software is an operating system used in it. The following releases are affected: Cisco AsyncOS Software Release 11.0, Release 10.5, Release 10.1.0-204, Release 10.1, Release 10.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6746"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "BID",
"id": "99877"
},
{
"db": "VULHUB",
"id": "VHN-114949"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6746",
"trust": 3.4
},
{
"db": "BID",
"id": "99877",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1038948",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-18232",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "37190",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114949",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "VULHUB",
"id": "VHN-114949"
},
{
"db": "BID",
"id": "99877"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
},
{
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"id": "VAR-201707-0961",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "VULHUB",
"id": "VHN-114949"
}
],
"trust": 1.2985804399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
}
]
},
"last_update_date": "2025-04-20T23:30:54.985000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170719-wsa1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1"
},
{
"title": "CiscoAsyncOSSoftware Command Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/99405"
},
{
"title": "Cisco Web Security Appliance AsyncOS Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114949"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170719-wsa1"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99877"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038948"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6746"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6746"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37190"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "VULHUB",
"id": "VHN-114949"
},
{
"db": "BID",
"id": "99877"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
},
{
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"db": "VULHUB",
"id": "VHN-114949"
},
{
"db": "BID",
"id": "99877"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
},
{
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"date": "2017-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-114949"
},
{
"date": "2017-07-19T00:00:00",
"db": "BID",
"id": "99877"
},
{
"date": "2017-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"date": "2017-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1174"
},
{
"date": "2017-07-25T19:29:00.240000",
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18232"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-114949"
},
{
"date": "2017-07-19T00:00:00",
"db": "BID",
"id": "99877"
},
{
"date": "2017-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006766"
},
{
"date": "2017-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1174"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6746"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Appliance Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006766"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1174"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…