Details of VAR-201905-0514

ID

VAR-201905-0514

CVE

CVE-2019-1817

TITLE

Cisco Web Security Appliance of AsyncOS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003882

DESCRIPTION

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition. This issue is being tracked by Cisco Bug ID CSCvn31450. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. AsyncOS Software is an operating system used in it. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.98

sources: NVD: CVE-2019-1817 // JVNDB: JVNDB-2019-003882 // BID: 108130 // VULHUB: VHN-150489

AFFECTED PRODUCTS

vendor:	cisco	model:	web security appliance	scope:	eq	version:	11.5.1-fcs-124	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	11.7.0-fcs-334	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	11.5.1-fcs-115	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	11.5.1-fcs-125	Trust: 1.0
vendor:	cisco	model:	web security the appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	web security appliance 11.7.0-fcs-334	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	web security appliance 11.5.1-fcs-125	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	web security appliance 11.5.1-fcs-124	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	web security appliance 11.5.1-fcs-115	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	asyncos software	scope:	eq	version:	11.7	Trust: 0.3
vendor:	cisco	model:	asyncos software	scope:	eq	version:	11.5	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	ne	version:	11.7.0-406	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	ne	version:	11.5.2-020	Trust: 0.3
vendor:	cisco	model:	asyncos software	scope:	ne	version:	11.7.0-406	Trust: 0.3
vendor:	cisco	model:	asyncos software	scope:	ne	version:	11.5.2-020	Trust: 0.3
vendor:	cisco	model:	asyncos	scope:	ne	version:	8.0.8-113	Trust: 0.3

sources: BID: 108130 // JVNDB: JVNDB-2019-003882 // NVD: CVE-2019-1817

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1817
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1817
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1817
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-020
value:	HIGH
Trust: 0.6
VULHUB:	VHN-150489
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1817
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150489
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1817
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1817
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1817
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-150489 // JVNDB: JVNDB-2019-003882 // CNNVD: CNNVD-201905-020 // NVD: CVE-2019-1817 // NVD: CVE-2019-1817

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-150489 // JVNDB: JVNDB-2019-003882 // NVD: CVE-2019-1817

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-020

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-020

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003882

PATCH

title:	cisco-sa-20190501-wsa-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-wsa-dos	Trust: 0.8
title:	Cisco Web Security Appliance Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92171	Trust: 0.6

sources: JVNDB: JVNDB-2019-003882 // CNNVD: CNNVD-201905-020

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1817	Trust: 2.8
db:	BID	id:	108130	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-003882	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-020	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1520	Trust: 0.6
db:	NSFOCUS	id:	43205	Trust: 0.6
db:	VULHUB	id:	VHN-150489	Trust: 0.1

sources: VULHUB: VHN-150489 // BID: 108130 // JVNDB: JVNDB-2019-003882 // CNNVD: CNNVD-201905-020 // NVD: CVE-2019-1817

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-wsa-dos	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1817	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1817	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-wsa-privesc	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-web-security-appliance-denial-of-service-via-malformed-http-s-request-29189	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43205	Trust: 0.6
url:	https://www.securityfocus.com/bid/108130	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80118	Trust: 0.6

sources: VULHUB: VHN-150489 // BID: 108130 // JVNDB: JVNDB-2019-003882 // CNNVD: CNNVD-201905-020 // NVD: CVE-2019-1817

CREDITS

Cisco,Cisco ?? ??

Trust: 0.6

sources: CNNVD: CNNVD-201905-020

SOURCES

db:	VULHUB	id:	VHN-150489
db:	BID	id:	108130
db:	JVNDB	id:	JVNDB-2019-003882
db:	CNNVD	id:	CNNVD-201905-020
db:	NVD	id:	CVE-2019-1817

LAST UPDATE DATE

2024-11-23T22:21:41.294000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150489	date:	2019-10-09T00:00:00
db:	BID	id:	108130	date:	2019-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-003882	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201905-020	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-1817	date:	2024-11-21T04:37:26.647

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150489	date:	2019-05-03T00:00:00
db:	BID	id:	108130	date:	2019-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-003882	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201905-020	date:	2019-05-01T00:00:00
db:	NVD	id:	CVE-2019-1817	date:	2019-05-03T17:29:01