CVE-2019-1876

Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability

CVSS 4 MEDIUMEPSS 1.8%CWE-306

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

20 Jun 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected products

Cisco · Cisco Wide Area Application Services (WAAS)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass http://www.securityfocus.com/bid/108863