// For flags

CVE-2019-1884

Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device. An exploit could allow the attacker to force the device to stop processing traffic, resulting in a DoS condition.

Una vulnerabilidad en la funcionalidad de proxy web de Cisco AsyncOS Software para Cisco Web Security Appliance (WSA) podría permitir que un atacante remoto autenticado provoque una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a mecanismos de validación de entrada insuficientes para ciertos campos en las solicitudes HTTP/HTTPS enviadas a través de un dispositivo afectado. Un atacante con éxito podría explotar esta vulnerabilidad enviando una solicitud HTTP/HTTPS malintencionada a través de un dispositivo afectado. Una vulnerabilidad podría permitir que el atacante obligue al dispositivo a detener el procesamiento del tráfico, lo que resulta en una condición DoS.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-07-04 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Asyncos
Search vendor "Cisco" for product "Asyncos"
 >= 10.1 < 10.5.5-005
Search vendor "Cisco" for product "Asyncos" and version " >= 10.1 < 10.5.5-005"
-
Affected
Cisco
Search vendor "Cisco"
 Asyncos
Search vendor "Cisco" for product "Asyncos"
 >= 11.5 < 11.5.2-020
Search vendor "Cisco" for product "Asyncos" and version " >= 11.5 < 11.5.2-020"
-
Affected
Cisco
Search vendor "Cisco"
 Asyncos
Search vendor "Cisco" for product "Asyncos"
 >= 11.7 < 11.7.0-407
Search vendor "Cisco" for product "Asyncos" and version " >= 11.7 < 11.7.0-407"
-
Affected
Cisco
Search vendor "Cisco"
 Web Security Appliance
Search vendor "Cisco" for product "Web Security Appliance"
 10.1.4-017
Search vendor "Cisco" for product "Web Security Appliance" and version "10.1.4-017"
-
Affected
Cisco
Search vendor "Cisco"
 Web Security Appliance
Search vendor "Cisco" for product "Web Security Appliance"
 10.5.2-072
Search vendor "Cisco" for product "Web Security Appliance" and version "10.5.2-072"
-
Affected
Cisco
Search vendor "Cisco"
 Web Security Appliance
Search vendor "Cisco" for product "Web Security Appliance"
 11.5.1-fcs-125
Search vendor "Cisco" for product "Web Security Appliance" and version "11.5.1-fcs-125"
-
Affected
Cisco
Search vendor "Cisco"
 Web Security Appliance
Search vendor "Cisco" for product "Web Security Appliance"
 11.7.0-256
Search vendor "Cisco" for product "Web Security Appliance" and version "11.7.0-256"
-
Affected