Critical severity9.8NVD Advisory· Published Dec 31, 2017· Updated May 13, 2026

CVE-2017-18001

Description

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2017/Dec/88nvdExploitMailing ListThird Party Advisory
blogs.securiteam.com/index.php/archives/3550nvdExploitThird Party Advisory
www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/nvdVendor Advisory
www.exploit-db.com/exploits/44047/nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.017
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000