CVE-2019-1886

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.

Published: Jul 4, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-1886
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
cisco / asyncos	10.5	10.5.5-005
cisco / asyncos	11.5	11.5.2-020
cisco / web_security_appliance	10.5.2-072	10.5.2-072.x
cisco / web_security_appliance	11.7.0-fcs-334	11.7.0-fcs-334.x
cisco / web_security_appliance	10.5.3-025	10.5.3-025.x

Vulnerability Database

289,697

CVE-2019-1886