CVE-2019-1876

CVE Database · CVE-2019-1876

CVE-2019-1876

· N/AModified

CVSS v3.1

N/A

EPSS

1.77%

Published

Jun 20, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.

Weaknesses (CWE)

CWE-306CWE-306

Affected Products (3)

cisco · wide_area_application_servicesvulnerable

References (4)

http://www.securityfocus.com/bid/108863

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass

Vendor Advisory

http://www.securityfocus.com/bid/108863

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-waas-authbypass

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs