CVE-2017-6750
moderate-risk
Published 2017-07-25
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.
Do I need to act?
-
0.75% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (17)
Web Security Virtual Appliance
Web Security Virtual Appliance
Web Security Virtual Appliance
Web Security Virtual Appliance
Web Security Virtual Appliance
Web Security Virtual Appliance
Web Security Virtual Appliance
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/99924
Third Party Advisory
http://www.securitytracker.com/id/1038958
Third Party Advisory
http://www.securityfocus.com/bid/99924
Third Party Advisory
http://www.securitytracker.com/id/1038958
48
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
3/34 · Minimal
Exposure
19/34 · Moderate