#VU19021 Input validation error in Cisco AsyncOS for Web Security Appliances - CVE-2019-1886

Cybersecurity Help s.r.o.

Published: 2019-07-08

Vulnerability identifier: #VU19021

Vulnerability risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-1886

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco AsyncOS for Web Security Appliances
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description

The vulnerability allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability exist due to insufficient validation of Secure Sockets Layer (SSL) server certificates in the HTTPS decryption feature. A remote attacker can install a malformed certificate in a web server, send a request to it through the Cisco WSA and cause an unexpected restart of the proxy process on an affected device.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco AsyncOS for Web Security Appliances: 10.5 - 11.5

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Cisco Web Security Appliance