Sign-up

ID

VAR-201712-0555


CVE

CVE-2017-18001


TITLE

Trustwave Secure Web Gateway Vulnerabilities related to key management errors

Trust: 0.8

sources: JVNDB: JVNDB-2017-011893

DESCRIPTION

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. Trustwave Secure Web Gateway (SWG) Contains a vulnerability related to key management errors.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TrustwaveSecureWebGateway (SWG) is a Web security gateway product from Trustwave Corporation of the United States. Security vulnerabilities existed in TrustwaveSWG 11.8.0.27 and earlier

Trust: 2.34

sources: NVD: CVE-2017-18001 // JVNDB: JVNDB-2017-011893 // CNVD: CNVD-2018-02172 // VULHUB: VHN-109080 // VULMON: CVE-2017-18001

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02172

AFFECTED PRODUCTS

vendor:trustwavemodel:secure web gatewayscope:lteversion:11.8.0.27

Trust: 1.8

vendor:trustwavemodel:secure web gatewayscope:lteversion:<=11.8.0.27

Trust: 0.6

vendor:trustwavemodel:secure web gatewayscope:eqversion:11.8.0.27

Trust: 0.6

sources: CNVD: CNVD-2018-02172 // JVNDB: JVNDB-2017-011893 // CNNVD: CNNVD-201801-014 // NVD: CVE-2017-18001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18001
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-18001
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-02172
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-014
value: CRITICAL

Trust: 0.6

VULHUB: VHN-109080
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18001
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18001
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-02172
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-109080
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18001
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02172 // VULHUB: VHN-109080 // VULMON: CVE-2017-18001 // JVNDB: JVNDB-2017-011893 // CNNVD: CNNVD-201801-014 // NVD: CVE-2017-18001

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-320

Trust: 0.9

sources: VULHUB: VHN-109080 // JVNDB: JVNDB-2017-011893 // NVD: CVE-2017-18001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-014

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201801-014

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011893

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-109080 // 
            
            
            
            VULMON: CVE-2017-18001

PATCH
title:Important Security Update for Trustwave Secure Web Gatewayurl:https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/
Trust: 0.8
title:TrustwaveSecureWebGateway privilege escalation vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/114729
Trust: 0.6
title:Trustwave Secure Web Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77399
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02172 // 
            
            
            
            JVNDB: JVNDB-2017-011893 // 
            
            
            
            CNNVD: CNNVD-201801-014

EXTERNAL IDS
db:NVDid:CVE-2017-18001
Trust: 3.2
db:EXPLOIT-DBid:44047
Trust: 1.8
db:JVNDBid:JVNDB-2017-011893
Trust: 0.8
db:CNNVDid:CNNVD-201801-014
Trust: 0.7
db:CNVDid:CNVD-2018-02172
Trust: 0.6
db:VULHUBid:VHN-109080
Trust: 0.1
db:VULMONid:CVE-2017-18001
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02172 // 
            
            
            
            VULHUB: VHN-109080 // 
            
            
            
            VULMON: CVE-2017-18001 // 
            
            
            
            JVNDB: JVNDB-2017-011893 // 
            
            
            
            CNNVD: CNNVD-201801-014 // 
            
            
            
            NVD: CVE-2017-18001

REFERENCES
url:https://blogs.securiteam.com/index.php/archives/3550
Trust: 2.4
url:https://www.exploit-db.com/exploits/44047/
Trust: 1.9
url:http://seclists.org/fulldisclosure/2017/dec/88
Trust: 1.8
url:https://www.trustwave.com/resources/trustwave-software-updates/important-security-update-for-trustwave-secure-web-gateway/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18001
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18001
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02172 // 
            
            
            
            VULHUB: VHN-109080 // 
            
            
            
            VULMON: CVE-2017-18001 // 
            
            
            
            JVNDB: JVNDB-2017-011893 // 
            
            
            
            CNNVD: CNNVD-201801-014 // 
            
            
            
            NVD: CVE-2017-18001

SOURCES
db:CNVDid:CNVD-2018-02172
db:VULHUBid:VHN-109080
db:VULMONid:CVE-2017-18001
db:JVNDBid:JVNDB-2017-011893
db:CNNVDid:CNNVD-201801-014
db:NVDid:CVE-2017-18001

LAST UPDATE DATE
2025-04-20T23:36:44.160000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02172date:2018-01-30T00:00:00
db:VULHUBid:VHN-109080date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18001date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-011893date:2018-02-02T00:00:00
db:CNNVDid:CNNVD-201801-014date:2019-10-23T00:00:00
db:NVDid:CVE-2017-18001date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-02172date:2018-01-29T00:00:00
db:VULHUBid:VHN-109080date:2017-12-31T00:00:00
db:VULMONid:CVE-2017-18001date:2017-12-31T00:00:00
db:JVNDBid:JVNDB-2017-011893date:2018-02-02T00:00:00
db:CNNVDid:CNNVD-201801-014date:2018-01-02T00:00:00
db:NVDid:CVE-2017-18001date:2017-12-31T19:29:00.193