CVE-2019-1672

A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected.

Published: Feb 8, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-1672
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.8
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
cisco / web_security_appliance	10.1.0-204	10.1.0-204.x
cisco / web_security_appliance	11.5.1-fcs-115	11.5.1-fcs-115.x
cisco / web_security_appliance	10.5.2-072	10.5.2-072.x

Vulnerability Database

289,697

CVE-2019-1672