Trustwave Secure Web Gateway Elevation of Privilege Vulnerability

Trustwave Secure Web Gateway SWG is a web security gateway product from Trustwave, Inc. A security vulnerability exists in Trustwave SWG version 11.8.0.27 and earlier. A remote attacker can exploit the vulnerability by sending the 'publicKey' parameter to the /sendKey URI to add an arbitrary publ...

CVE-2017-18001

Trustwave Secure Web Gateway SWG through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI...