Improper input validation in Cisco Web Security Appliance - CVE-2017-6751
Published: May 16, 2018
Vulnerability identifier: #VU12767
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6751
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Web Security Appliance
Cisco Web Security Appliance
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.
The weakness exists in the web proxy functionality due to failure to deny traffic that is forwarded from the web proxy interface to the administrative management interface of a device. A remote attacker can send a specially crafted stream of HTTP or HTTPS traffic to the web proxy interface and reach the administrative management interface although the traffic should have been dropped.
The weakness exists in the web proxy functionality due to failure to deny traffic that is forwarded from the web proxy interface to the administrative management interface of a device. A remote attacker can send a specially crafted stream of HTTP or HTTPS traffic to the web proxy interface and reach the administrative management interface although the traffic should have been dropped.
How to mitigate CVE-2017-6751
Cybersecurity is currently unaware of any solutions addressing the vulnerability.