ID
VAR-201907-0230
CVE
CVE-2019-1886
TITLE
Cisco Web Security Appliance Input validation vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2019-006270
DESCRIPTION
A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. The device provides SaaS-based access control, real-time network reporting and tracking, and security policy development. AsyncOS Software is a set of operating systems used in it. This issue is being tracked by Cisco Bug ID CSCvo33747
Trust: 2.52
sources:
NVD: CVE-2019-1886 //
JVNDB: JVNDB-2019-006270 //
CNVD: CNVD-2019-25710 //
BID: 109049 //
VULHUB: VHN-151248
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2019-25710
AFFECTED PRODUCTS
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 10.5.2-072 | Trust: 1.3 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 10.5.3-025 | Trust: 1.3 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 11.5.2-020 | Trust: 1.0 |
| vendor: | cisco | model: | asyncos | scope: | gte | version: | 11.5 | Trust: 1.0 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 10.5.5-005 | Trust: 1.0 |
| vendor: | cisco | model: | asyncos | scope: | gte | version: | 10.5 | Trust: 1.0 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 11.7.0-fcs-334 | Trust: 1.0 |
| vendor: | cisco | model: | asyncos | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | web security the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | web security appliance | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance 11.7.0-fcs-334 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | asyncos software | scope: | eq | version: | 11.5 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos software | scope: | eq | version: | 10.5 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos software | scope: | eq | version: | 10.1 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos software | scope: | eq | version: | 10.0 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance 11.7.0-fcs-418 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | ne | version: | 11.7.0-418 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | ne | version: | 11.7.0-406 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | ne | version: | 11.5.2-020 | Trust: 0.3 |
| vendor: | cisco | model: | web security appliance | scope: | ne | version: | 10.5.5-005 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos software | scope: | ne | version: | 11.5.2-020 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos software | scope: | ne | version: | 10.5.5-005 | Trust: 0.3 |
sources:
CNVD: CNVD-2019-25710 //
BID: 109049 //
JVNDB: JVNDB-2019-006270 //
NVD: CVE-2019-1886
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2019-25710 //
VULHUB: VHN-151248 //
JVNDB: JVNDB-2019-006270 //
CNNVD: CNNVD-201907-237 //
NVD: CVE-2019-1886 //
NVD: CVE-2019-1886
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
| problemtype: | CWE-295 | Trust: 1.1 |
sources:
VULHUB: VHN-151248 //
JVNDB: JVNDB-2019-006270 //
NVD: CVE-2019-1886
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201907-237
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-201907-237
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-006270
PATCH
| title: | cisco-sa-20190703-wsa-dos | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos | Trust: 0.8 |
| title: | Patch for Cisco Web Security Appliance AsyncOS Software Input Validation Error Vulnerability (CNVD-2019-25710) | url: | https://www.cnvd.org.cn/patchInfo/show/172965 | Trust: 0.6 |
| title: | Cisco Web Security Appliance AsyncOS Software Enter the fix for the verification error vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94426 | Trust: 0.6 |
sources:
CNVD: CNVD-2019-25710 //
JVNDB: JVNDB-2019-006270 //
CNNVD: CNNVD-201907-237
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-1886 | Trust: 3.4 |
| db: | BID | id: | 109049 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2019-006270 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201907-237 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-25710 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2019.2446 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-151248 | Trust: 0.1 |
sources:
CNVD: CNVD-2019-25710 //
VULHUB: VHN-151248 //
BID: 109049 //
JVNDB: JVNDB-2019-006270 //
CNNVD: CNNVD-201907-237 //
NVD: CVE-2019-1886
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-wsa-dos | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/109049 | Trust: 2.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-1886 | Trust: 1.4 |
| url: | http://www.cisco.com/ | Trust: 0.9 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1886 | Trust: 0.8 |
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-asyncos-wsa | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/cisco-web-security-appliance-denial-of-service-via-https-certificate-29693 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2019.2446/ | Trust: 0.6 |
sources:
CNVD: CNVD-2019-25710 //
VULHUB: VHN-151248 //
BID: 109049 //
JVNDB: JVNDB-2019-006270 //
CNNVD: CNNVD-201907-237 //
NVD: CVE-2019-1886
CREDITS
Cisco
Trust: 0.9
sources:
BID: 109049 //
CNNVD: CNNVD-201907-237
SOURCES
| db: | CNVD | id: | CNVD-2019-25710 |
| db: | VULHUB | id: | VHN-151248 |
| db: | BID | id: | 109049 |
| db: | JVNDB | id: | JVNDB-2019-006270 |
| db: | CNNVD | id: | CNNVD-201907-237 |
| db: | NVD | id: | CVE-2019-1886 |
LAST UPDATE DATE
2024-11-23T22:41:28.414000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-25710 | date: | 2019-08-02T00:00:00 |
| db: | VULHUB | id: | VHN-151248 | date: | 2020-10-16T00:00:00 |
| db: | BID | id: | 109049 | date: | 2019-07-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006270 | date: | 2019-07-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-237 | date: | 2020-10-21T00:00:00 |
| db: | NVD | id: | CVE-2019-1886 | date: | 2024-11-21T04:37:36.930 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-25710 | date: | 2019-08-02T00:00:00 |
| db: | VULHUB | id: | VHN-151248 | date: | 2019-07-04T00:00:00 |
| db: | BID | id: | 109049 | date: | 2019-07-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006270 | date: | 2019-07-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-237 | date: | 2019-07-03T00:00:00 |
| db: | NVD | id: | CVE-2019-1886 | date: | 2019-07-04T20:15:11 |