The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco WSA

computer vulnerability bulletin CVE-2018-0087

Cisco Web Security Appliance: privilege escalation via FTP Authentication

Synthesis of the vulnerability

An attacker can bypass restrictions via FTP Authentication of Cisco Web Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 08/03/2018.
Identifiers: CERTFR-2018-AVI-116, cisco-sa-20180307-wsa, CSCvf74281, CVE-2018-0087, VIGILANCE-VUL-25488.


computer vulnerability CVE-2018-0093

Cisco WSA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/01/2018.
Identifiers: cisco-sa-20180117-wsa1, CSCvf37392, CVE-2018-0093, VIGILANCE-VUL-25115.

Description of the vulnerability

The Cisco WSA product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2017-12303

Cisco WSA: privilege escalation via AMP Filtering

Synthesis of the vulnerability

An attacker can bypass restrictions via AMP Filtering of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-wsa, CSCvf52943, CVE-2017-12303, VIGILANCE-VUL-24472.


computer vulnerability CVE-2017-6783

Cisco WSA/ESA/SMA: information disclosure via SNMP Polling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Impacted products: AsyncOS, Cisco Content SMA, Cisco ESA, Cisco WSA.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-csa, CSCve26106, CSCve26202, CSCve26224, CVE-2017-6783, VIGILANCE-VUL-23555.


computer vulnerability CVE-2017-6748

Cisco WSA: privilege escalation via Command Injection

Synthesis of the vulnerability

An attacker can bypass restrictions via Command Injection of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa2, CSCvd88855, CVE-2017-6748, VIGILANCE-VUL-23305.


vulnerability note CVE-2017-6749

Cisco WSA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa3, CSCvd88865, CVE-2017-6749, VIGILANCE-VUL-23304.

Description of the vulnerability

The Cisco WSA product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.

vulnerability bulletin CVE-2017-6750

Cisco WSA: privilege escalation via Static Credentials

Synthesis of the vulnerability

An attacker can bypass restrictions via Static Credentials of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa4, CSCve06124, CVE-2017-6750, VIGILANCE-VUL-23303.


vulnerability announce CVE-2017-6751

Cisco WSA: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Cisco WSA, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa5, CSCvd88863, CVE-2017-6751, VIGILANCE-VUL-23302.


vulnerability alert CVE-2017-6746

Cisco WSA: code execution via Command Injection

Synthesis of the vulnerability

An attacker can use a vulnerability via Command Injection of Cisco WSA, in order to run code.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: privileged account.
Creation date: 20/07/2017.
Identifiers: CERTFR-2017-AVI-230, cisco-sa-20170719-wsa1, CSCvd88862, CVE-2017-6746, VIGILANCE-VUL-23301.


vulnerability alert CVE-2017-3870

Cisco Web Security Appliance: privilege escalation via URL Filtering Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via URL Filtering Bypass of Cisco Web Security Appliance, in order to escalate his privileges.
Impacted products: AsyncOS, Cisco WSA.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: internet client.
Creation date: 16/03/2017.
Identifiers: cisco-sa-20170315-wsa, CSCvc69700, CVE-2017-3870, VIGILANCE-VUL-22151.
