The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco WSA

computer weakness note CVE-2018-0353

Cisco WSA: privilege escalation via Layer 4 Traffic Monitor

Synthesis of the vulnerability

An attacker can bypass restrictions via Layer 4 Traffic Monitor of Cisco WSA, in order to escalate his privileges.
Severity: 3/4.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-wsa, CSCvg78875, CVE-2018-0353, VIGILANCE-VUL-26348.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Layer 4 Traffic Monitor of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2018-0087

Cisco Web Security Appliance: privilege escalation via FTP Authentication

Synthesis of the vulnerability

An attacker can bypass restrictions via FTP Authentication of Cisco Web Security Appliance, in order to escalate his privileges.
Severity: 3/4.
Creation date: 08/03/2018.
Identifiers: CERTFR-2018-AVI-116, cisco-sa-20180307-wsa, CSCvf74281, CVE-2018-0087, VIGILANCE-VUL-25488.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via FTP Authentication of Cisco Web Security Appliance, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2018-0093

Cisco WSA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 18/01/2018.
Identifiers: cisco-sa-20180117-wsa1, CSCvf37392, CVE-2018-0093, VIGILANCE-VUL-25115.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco WSA product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2017-12303

Cisco WSA: privilege escalation via AMP Filtering

Synthesis of the vulnerability

An attacker can bypass restrictions via AMP Filtering of Cisco WSA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-wsa, CSCvf52943, CVE-2017-12303, VIGILANCE-VUL-24472.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via AMP Filtering of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2017-6783

Cisco WSA/ESA/SMA: information disclosure via SNMP Polling

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-csa, CSCve26106, CSCve26202, CSCve26224, CVE-2017-6783, VIGILANCE-VUL-23555.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via SNMP Polling of Cisco WSA/ESA/SMA, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security announce CVE-2017-6748

Cisco WSA: privilege escalation via Command Injection

Synthesis of the vulnerability

An attacker can bypass restrictions via Command Injection of Cisco WSA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa2, CSCvd88855, CVE-2017-6748, VIGILANCE-VUL-23305.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Command Injection of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2017-6749

Cisco WSA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa3, CSCvd88865, CVE-2017-6749, VIGILANCE-VUL-23304.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Cisco WSA product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco WSA, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2017-6750

Cisco WSA: privilege escalation via Static Credentials

Synthesis of the vulnerability

An attacker can bypass restrictions via Static Credentials of Cisco WSA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa4, CSCve06124, CVE-2017-6750, VIGILANCE-VUL-23303.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Static Credentials of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-6751

Cisco WSA: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Cisco WSA, in order to escalate his privileges.
Severity: 2/4.
Creation date: 20/07/2017.
Identifiers: cisco-sa-20170719-wsa5, CSCvd88863, CVE-2017-6751, VIGILANCE-VUL-23302.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions of Cisco WSA, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2017-6746

Cisco WSA: code execution via Command Injection

Synthesis of the vulnerability

An attacker can use a vulnerability via Command Injection of Cisco WSA, in order to run code.
Severity: 2/4.
Creation date: 20/07/2017.
Identifiers: CERTFR-2017-AVI-230, cisco-sa-20170719-wsa1, CSCvd88862, CVE-2017-6746, VIGILANCE-VUL-23301.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Command Injection of Cisco WSA, in order to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco WSA: