Boletines de Vulnerabilidades

Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in the certificate generation process in the admin web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system with root-level privileges. The vulnerability is due to the improper validation of parameters passed to the affected system scripts. An attacker could exploit this vulnerability by passing arbitrary commands as arguments to the affected fields of the web interface. An exploit

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20Certificate%20Generation%20Command%20Inje

Identificadores estándar
Propiedad Valor
CVE

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-11-05

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT