CVE-2019-1876

Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability

CVSS 4 MEDIUMEPSS 1.8%CWE-306

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

20 jun 2019Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Produtos afetados

Cisco · Cisco Wide Area Application Services (WAAS)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass http://www.securityfocus.com/bid/108863