CVE-2019-1876

EPSS 1.97%
Published 20.06.2019 03:15:12
Last modified 21.11.2024 04:37:35
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Wide Area Application Services Version5.5(7)

Cisco ≫ Wide Area Application Services Version6.1(1)

Cisco ≫ Wide Area Application Services Version6.4(3b)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.97%	0.818

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com	4	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://www.securityfocus.com/bid/108863

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1876

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1876

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1876

EUVD