CVE-2017-18001
Summary
| CVE | CVE-2017-18001 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-12-31 19:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trustwave | Secure Web Gateway | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SWG vulnerability version 11.8 and earlier | Trustwave | MISC | www.trustwave.com | Vendor Advisory |
| SSD Advisory – Trustwave SWG Unauthorized Access - SSD Secure Disclosure | MISC | blogs.securiteam.com | Exploit, Third Party Advisory |
| Full Disclosure: SSD Advisory – Trustwave SWG Unauthorized Access | MISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| Trustwave SWG 11.8.0.27 - SSH Unauthorized Access | EXPLOIT-DB | www.exploit-db.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.