Vulnslist

find the latest Cisco vulnerabilities

Cisco Web Security Appliance Static Credentials Vulnerability

cisco-sa-20170719-wsa4 · Medium · Published · Updated

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI. The vulnerability is due to a user account that has a default and static password. An attacker could exploit this vulnerability by connecting to the affected system using this default account. An exploit could allow the attacker to log in with the default credentials, allowing the attacker to view the system's serial number by using the CLI or to download reports by using the web interface. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-6750
Cisco Bug IDs: CSCve06124
CVSS Score: Base 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source: Cisco Web Security Appliance (WSA), Cisco Web Security Virtual Appliance, Cisco Secure Web Appliance

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Web Security Virtual Appliance | CVE-2017-6750 | Cisco OpenVuln |
| Cisco Web Security Appliance (WSA) | CVE-2017-6750 | Cisco OpenVuln |
| Cisco Secure Web Appliance | CVE-2017-6750 | Cisco OpenVuln |