Key Vulnerability Information

Advisory ID: cisco-sa-20170719-wsa1
CVE ID: CVE-2017-6746
CWE ID: CWE-20
Risk Level: High
CVSS Score: 7.2
Publication Date: 2017-07-19

Summary

A vulnerability in the web interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and escalate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input. No workarounds are available.

Affected Products

Vulnerable Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances.

Fixed Software

Customers should upgrade to the latest version of Cisco AsyncOS Software. Follow the guidelines for obtaining and installing the necessary updates.

Source

Reported by Daniel Jensen from Security-Assessment.com.