The vulnerability of the Trustwave Secure Web Gateway’s protection and control mechanism, related to errors in managing cryptographic keys, allows a hacker to gain unauthorized access to the system with root privileges.

The vulnerability of the Trustwave Secure Web Gateway relates to errors in the management of cryptographic keys. Exploiting this vulnerability allows a malicious actor to inject an arbitrary open key for the SSH protocol and gain unauthorized access to the system with root privileges, using a...

Trustwave Secure Web Gateway Elevation of Privilege Vulnerability

Trustwave Secure Web Gateway SWG is a web security gateway product from Trustwave, Inc. A security vulnerability exists in Trustwave SWG version 11.8.0.27 and earlier. A remote attacker can exploit the vulnerability by sending the 'publicKey' parameter to the /sendKey URI to add an arbitrary publ...

CVE-2017-18001

Trustwave Secure Web Gateway SWG through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI...

Design/Logic Flaw

Trustwave Secure Web Gateway SWG through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI...

CVE-2017-18001

Trustwave Secure Web Gateway SWG through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI...