Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-99


Cisco Web Security Appliance Web Proxy ACL Flaw Lets Remote Users Forward Traffic to the Administrative Management Interface
Severity Rating: Medium
Systems Affected:
  • Cisco Web Security Appliance
Description
A vulnerability has been identified in Cisco Web Security Appliance and can be exploited by remote attackers to forward traffic from the web proxy interface of an affected device to the administrative management interface of the same device. The vulnerability exists because the affected software fails to deny traffic that is forwarded from the web proxy interface to the administrative management interface of a device. An attacker could exploit this vulnerability by sending a crafted stream of HTTP or HTTPS traffic to the web proxy interface of an affected device. A successful exploit could allow traffic to reach the administrative management interface of the affected device although the traffic should have been dropped.
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Cisco
 
CVE Information
 
References
Security Tracker
 
Cisco Security Advisory
 
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis