CVE-2016-9212

EPSS 0.88%
Veröffentlicht 14.12.2016 00:59:34
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Web Security Appliance Version9.0.1-162

Cisco ≫ Web Security Appliance Version9.1.1-074

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.88%	0.731

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/94774

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037410

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-9212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9212

EUVD