CVE-2019-1876

EPSS 1.97%
Veröffentlicht 20.06.2019 03:15:12
Zuletzt bearbeitet 21.11.2024 04:37:35
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Wide Area Application Services Version5.5(7)

Cisco ≫ Wide Area Application Services Version6.1(1)

Cisco ≫ Wide Area Application Services Version6.4(3b)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.97%	0.818

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com	4	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://www.securityfocus.com/bid/108863

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1876

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1876

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1876

EUVD