CVE-2019-1876

Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability

CVSS 4 MEDIUMEPSS 1.8%CWE-306

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

20 jun 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Productos afectados

Cisco · Cisco Wide Area Application Services (WAAS)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass http://www.securityfocus.com/bid/108863