CVE-2017-18001
NONE EPSS 96.0%
Published Dec 31, 2017 (8y ago) · Last Modified Jun 17, 2026 (2w ago)
Description
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
Threat Intelligence
EPSS Exploit Probability
96.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-306 Missing Authentication for Critical Function (Authentication)
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| trustwave | secure_web_gateway | * | ≤11.8.0.27 |
References 4
- seclists.org http://seclists.org/fulldisclosure/2017/Dec/88
- blogs.securiteam.com https://blogs.securiteam.com/index.php/archives/3550
- exploit-db.com https://www.exploit-db.com/exploits/44047/
- trustwave.com https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.