CVE-2017-6751
moderate-risk
Published 2017-07-25
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.
Do I need to act?
-
0.47% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (10)
Web Security Virtual Appliance
Web Security Virtual Appliance
Web Security Virtual Appliance
Web Security Virtual Appliance
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/99967
Third Party Advisory
http://www.securitytracker.com/id/1038959
Third Party Advisory
http://www.securityfocus.com/bid/99967
Third Party Advisory
http://www.securitytracker.com/id/1038959
44
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
16/34 · Moderate