CVE-2019-1876
4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Wide Area Application Services (WAAS) | unspecified < 6.4(5.6) | affected |
Weaknesses
- CWE-306: CWE-306
ADP Enrichment
CVE Program Container
Additional References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass
- http://www.securityfocus.com/bid/108863
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass
- http://www.securityfocus.com/bid/108863
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.