Command injection

2017-07-2519:29:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.

CPENameOperatorVersion
web_security_applianceeq10.5.0
web_security_applianceeq10.1.0-204
web_security_applianceeq10.0.0-232
web_security_applianceeq10.1.0
web_security_applianceeq10.1.1-230
web_security_applianceeq11.0.0
web_security_applianceeq10.5.0-358
web_security_applianceeq10.0.0-233
web_security_applianceeq11.0.0-613
web_security_applianceeq10.0.0-base

Name	Operator	Version
web_security_appliance	eq	10.5.0
web_security_appliance	eq	10.1.0-204
web_security_appliance	eq	10.0.0-232
web_security_appliance	eq	10.1.0
web_security_appliance	eq	10.1.1-230
web_security_appliance	eq	11.0.0
web_security_appliance	eq	10.5.0-358
web_security_appliance	eq	10.0.0-233
web_security_appliance	eq	11.0.0-613
web_security_appliance	eq	10.0.0-base