CVE-2015-6298

Loading...

General

Score:9.0/10.0
Severity:High
Category:Command Injection

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:Single

Published on 06/11/15 - Updated on 07/12/16

Description

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.

Category: Command Injection

CWE-78 (OS Command Injections)
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Security Notices

US National Vulnerability DatabaseCVE-2015-6298
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-465

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
ciscoweb_security_appliance

Share this vulnerability with:

Twitter Facebook LinkedIn Mail