SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Web Security Appliance Vendors:   Cisco
Cisco Web Security Appliance Web Proxy ACL Flaw Lets Remote Users Forward Traffic to the Administrative Management Interface
SecurityTracker Alert ID:  1038959
SecurityTracker URL:  http://securitytracker.com/id/1038959
CVE Reference:   CVE-2017-6751   (Links to External Site)
Date:  Jul 20 2017
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  
Version(s): 9.0.0-485, 10.1.0-204
Description:   A vulnerability was reported in Cisco Web Security Appliance. A remote user can bypass access controls and forward web proxy traffic to the administrative management interface on the target system.

The web proxy does not properly enforce access controls. A remote user can send a specially crafted stream of HTTP or HTTPS traffic to the web proxy interface to cause the traffic to be forwarded to the administrative management interface.

The vendor has assigned bug ID CSCvd88863 to this vulnerability.

This vulnerability was found by Daniel Jensen of Security-Assessment.com.

Impact:   A remote user can bypass access controls and cause the traffic to be forwarded to the administrative management interface.
Solution:   No solution was available at the time of this entry.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC