Cisco Web Security Appliance Multiple Vulnerabilities

high Nessus Plugin ID 102018

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, the remote Cisco Web Security Appliance (WSA) device is affected by one or more vulnerabilities :

- An unspecified flaw exists in the web-based interface due to improper validation of user-supplied input. An authenticated, remote attacker who has valid administrator credentials can exploit this vulnerability to inject arbitrary commands and thereby elevate privileges from administrator to root. (CVE-2017-6746)

- An unspecified flaw exists in the CLI parser due to improper sanitization of user-supplied input. A local attacker can exploit this to inject arbitrary commands and thereby escape the CLI subshell and gain root privileges. (CVE-2017-6748)

- A stored cross-site scripting (XSS) vulnerability exists in the web-based management interface due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to execute arbitrary script code in a user's browser session. (CVE-2017-6749)

- A security vulnerability exists due to WSA being installed with a user account that has a default and static password. An unauthenticated, remote attacker can exploit this to gain privileged access to certain portions of the web-based management interface, allowing the attacker to download reports or disclose the device's serial number. (CVE-2017-6750)

- A security bypass vulnerability exists in the web proxy functionality due to a failure to deny traffic that is forwarded from the web proxy interface to the administrative management interface of a device. An unauthenticated, remote attacker can exploit this issue to bypass access restrictions by sending a specially crafted stream of HTTP or HTTPS traffic to the web proxy interface of an affected device. (CVE-2017-6451)

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvd88862, CSCvd88855, CSCvd88865, CSCve06124, and CSCvd88863.

See Also

http://www.nessus.org/u?142f72cc

http://www.nessus.org/u?31a4794a

http://www.nessus.org/u?5fe44129

http://www.nessus.org/u?2c672cb4

http://www.nessus.org/u?0048c64e

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88862

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88855

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88865

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve06124

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88863

Plugin Details

Severity: High

ID: 102018

File Name: cisco-sa-20170719-wsa1-5.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 7/27/2017

Updated: 5/20/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2017-6746

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:cisco:web_security_appliance, cpe:/a:cisco:web_security_appliance, cpe:/o:cisco:web_security_appliance, cpe:/o:cisco:asyncos

Required KB Items: Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Web Security Appliance/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/19/2017

Vulnerability Publication Date: 7/19/2017

Reference Information

CVE: CVE-2017-6746, CVE-2017-6748, CVE-2017-6749, CVE-2017-6750, CVE-2017-6751

BID: 99875, 99877, 99918, 99924