CVE-2019-1876

CWE-306Missing Authentication4 documents4 sources
Severity
5.3MEDIUM
EPSS
2.0%
top 16.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Wide Area Application Services (waas)Cisco Wide Area Application Services
Timeline
PublishedJun 20
Latest updateMay 24

Description

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be bl

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_wide_area_application_services_(waas)unspecified6.4(5.6)
NVDcisco/wide_area_application_services5.5\(7\), 6.1\(1\), 6.4\(3b\)+2

🔴Vulnerability Details

2
GHSA
GHSA-q2wg-6xqh-962p: A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to2022-05-24
CVEList
Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability2019-06-20

📋Vendor Advisories

1
Cisco
Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability2019-06-19
CVE-2019-1876 (MEDIUM CVSS 5.3) | A vulnerability in the HTTPS proxy | cvebase.io