Critical severity9.8NVD Advisory· Published Dec 31, 2017· Updated Jun 17, 2026
CVE-2017-18001
CVE-2017-18001
Description
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:trustwave:secure_web_gateway:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:trustwave:secure_web_gateway:*:*:*:*:*:*:*:*range: <=11.8.0.27
- (no CPE)range: <=11.8.0.27
Patches
Vulnerability mechanics
References
4- seclists.org/fulldisclosure/2017/Dec/88nvdExploitMailing ListThird Party Advisory
- blogs.securiteam.com/index.php/archives/3550nvdExploitThird Party Advisory
- www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/nvdVendor Advisory
- www.exploit-db.com/exploits/44047/nvd
News mentions
0No linked articles in our index yet.