Cisco Bug: CSCus83471 - OS command injection via the "createcomputerobject" CLI
Feb 09, 2017
- Cisco Web Security Appliance
Known Affected Releases
Symptom: A vulnerability in command line interface Cisco Web Security Appliance could allow an authenticated, local attacker to execute commands in the context of the underlying operating system.. The vulnerability is due to the failure to validate user input which allows command injection. An attacker could exploit this vulnerability by inserting certain shell commands from the CLI console. Conditions: Default installation of an affected release of the product.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases