CVE-2015-6298

Name: CVE-2015-6298
Creator: NVD / NIST
Published: 2015-11-06T11:59:03.73+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.66%

Last modified Jun 17, 2026

CVE-2015-6298 is a vulnerability of currently unknown severity. The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.. EPSS estimates a 1.66% chance of exploitation in the next 30 days.

Description

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.

Metrics

EPSS Probability

1.66%

73.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Cisco	Web Security Appliance	8.5.0-497

References

Timeline

Published: Nov 6, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-6298?

How severe is CVE-2015-6298?

Severity scoring for CVE-2015-6298 is pending analysis. The EPSS model estimates a 1.66% probability of exploitation in the next 30 days.

How do I fix CVE-2015-6298?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-6298?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST