CVE-2019-1886

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:cisco:web_security_appliance:10.5.2-072:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:11.7.0-fcs-334:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:10.5.3-025:*:*:*:*:*:*:*

Information

Published : 2019-07-04 13:15

Updated : 2020-10-16 08:08


NVD link : CVE-2019-1886

Mitre link : CVE-2019-1886


JSON object : View

CWE
CWE-295

Improper Certificate Validation

Advertisement

dedicated server usa

Products Affected

cisco

  • asyncos
  • web_security_appliance