Description
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-18001
- https://blogs.securiteam.com/index.php/archives/3550
- https://www.exploit-db.com/exploits/44047
- https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway
- http://seclists.org/fulldisclosure/2017/Dec/88
Related vulnerabilities
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
A vulnerability in the Trustwave Secure Web Gateway web traffic protection and control gateway, related to errors in cryptographic key management, that allows an attacker to gain unauthorized access to the system with root privileges