You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa wsa

Sigurnosni nedostaci programskog paketa wsa

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Web Security Appliance FTP Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20180307-wsa

Revision: 1.0

For Public Release: 2018 March 7 16:00 GMT

Last Updated: 2018 March 7 16:00 GMT

CVE ID(s): CVE-2018-0087

CVSS Score v(3): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

+———————————————————————

Summary
=======
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username.

The vulnerability is due to incorrect FTP user credential validation. An attacker could exploit this vulnerability by using FTP to connect to the management IP address of the targeted device. A successful exploit could allow the attacker to log in to the FTP server of the Cisco WSA without having a valid password.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-wsa [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-wsa”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJaoA/kXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczbTIQAK71/sEyneWXmTUhwnNM/7oZmh2w
mc00nXt10Alg9aTfPUJTXQTRabf4BZ5uxx6Ls9PIEspYxVOyPSGZfOsZ1vaess1a
M1RcPtiZK/V6+XuBF4tIThArntIr+dkWAOEnkQjdQqZeQrJYQG52rXmxO+99/82r
vvio9WTh10UhzE52VpeZ7hfdk56R+4NGRqmjmki3ncvISsnV2ywpCF4lXf8H80A3
yK2uMGGgR8Lgg+EpskU5z+fU8hFgapI2ftV1ux+v53Y9vk61NAAsHMujQ2LIcEv5
QdI+a4nYrcVggAY2pk8CL5r5gpWqVbbNPciHGW4A6P0t5wRjWNjjcAh+AIy+fJbR
TEgN5wUdIUPojEXmXJ1r4y5wom938X8n+JkvnAOkVm4QhW31SCU5DRHxJ/HndkAh
9onlNnkYXW7S7cJ9zPOPlrRLT29lD2MwmWRCTeA+UIOcxe2QlJ1wbj1VfsYz3SSw
EjyQFgrw0yNGfbTHX7XPi5+PZUq4zEwZ9Ujuf5zKTqRLhAyA3lvdpfHqqaWUiSUO
xNvxxv33jcZbVJKvcYdZvF0UUVC9ixuqx48+/cZSmqJjDlr4SG7Bllyfxm7kV7ic
S6LXUyx0nxBuXCRsUl/LcsOCz9FxMt15og0EAiA1QXoXUjPWMmPntoFKx0uvvAf5
Rf1vJm9G9i55SkwV
=otHs
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorPetar Bertok
Cert idNCERT-REF-2018-03-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top