Vulnerabilities > Cisco > WEB Security Virtual Appliance > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2017-6751 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability.
network
low complexity
cisco CWE-20
7.5
2017-07-25 CVE-2017-6750 Insecure Default Initialization of Resource vulnerability in Cisco products
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability.
network
low complexity
cisco CWE-1188
7.5