Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
The vulnerability is due to the improper validation of parameters passed to the affected system scripts. An attacker could exploit this vulnerability by passing arbitrary commands as arguments to the affected fields of the web interface. An exploit could allow the attacker to run arbitrary commands on the underlying system with root-level privileges.
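An added example, not part of the Cisco advisory and not Cisco's code: a hypothetical certificate-request handler in Python that shows the flaw class described above (web form fields concatenated into a shell command line) beside a hardened form that validates each field and passes it as a single argv element. The function names, the allow-list and the sample values are assumptions constructed for illustration.

```python
import re
import shlex

# Assumed allow-list for X.509 subject fields typed into a web form:
# letters, digits, space and a little punctuation, 1 to 64 characters.
FIELD_RE = re.compile(r"[A-Za-z0-9 .,'()\-]{1,64}")
SUBJECT_KEYS = ("C", "ST", "L", "O", "OU", "CN")

def validate_subject(fields):
    """Return a copy of the subject fields, or raise ValueError."""
    for key, value in fields.items():
        if key not in SUBJECT_KEYS:
            raise ValueError(f"unexpected field: {key!r}")
        if not FIELD_RE.fullmatch(value):
            raise ValueError(f"invalid characters or length in {key}")
    if "CN" not in fields:
        raise ValueError("CN is required")
    return dict(fields)

def unsafe_command(fields):
    # Anti-pattern: form values are pasted into a string meant for a shell.
    subj = "".join(f"/{k}={v}" for k, v in fields.items())
    return f"openssl req -new -key server.key -subj {subj} -out server.csr"

def safe_argv(fields):
    # Hardened: validated values form ONE argv element; run the list with
    # subprocess.run(argv, shell=False) so no shell ever parses user input.
    clean = validate_subject(fields)
    subj = "".join(f"/{k}={clean[k]}" for k in SUBJECT_KEYS if k in clean)
    return ["openssl", "req", "-new", "-key", "server.key",
            "-subj", subj, "-out", "server.csr"]

def shell_sees_separator(command_line):
    # Tokenize roughly as a POSIX shell would and look for control operators.
    # Enough for the constructed sample below; it is not a complete detector.
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return any(tok in {";", "|", "||", "&", "&&"} for tok in lexer)

def is_accepted(fields):
    try:
        safe_argv(fields)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    good = {"C": "US", "O": "Example Corp", "CN": "proxy.example.com"}  # constructed
    bad = {"CN": "proxy.example.com; echo INJECTED"}                    # constructed
    print(shell_sees_separator(unsafe_command(bad)), is_accepted(bad))
    print(safe_argv(good))
```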
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://ift.tt/1kaJewY
from Cisco Security Advisory http://ift.tt/1kaJewY