CVE-2019-1876
Published on: 06/19/2019 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:48 PM UTC
CVE-2019-1876 - advisory for cisco-sa-20190619-waas-authbypass
Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Wide Area Application Services from Cisco contain the following vulnerability:
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.
- CVE-2019-1876 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity. - The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
- Affected Vendor/Software: Cisco - Cisco Wide Area Application Services (WAAS) version 6.4(5.6)
CVSS3 Score: 5.3 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | NONE | LOW | NONE |
CVSS2 Score: 5 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| NONE | PARTIAL | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability | Vendor Advisory tools.cisco.com text/html |
CISCO 20190619 Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability |
| Cisco Wide Area Application Services Software CVE-2019-1876 Authentication Bypass Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
BID 108863 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Wide Area Application Services | 5.5(7) | All | All | All |
| Application | Cisco | Wide Area Application Services | 5.5\(7\) | All | All | All |
| Application | Cisco | Wide Area Application Services | 6.1(1) | All | All | All |
| Application | Cisco | Wide Area Application Services | 6.1\(1\) | All | All | All |
| Application | Cisco | Wide Area Application Services | 6.4(3b) | All | All | All |
| Application | Cisco | Wide Area Application Services | 6.4\(3b\) | All | All | All |
| Application | Cisco | Wide Area Application Services | 5.5\(7\) | All | All | All |
| Application | Cisco | Wide Area Application Services | 6.1\(1\) | All | All | All |
| Application | Cisco | Wide Area Application Services | 6.4\(3b\) | All | All | All |
- cpe:2.3:a:cisco:wide_area_application_services:5.5(7):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.5\(7\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.1(1):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.1\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.4(3b):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.4\(3b\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:5.5\(7\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.1\(1\):*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:wide_area_application_services:6.4\(3b\):*:*:*:*:*:*:*: