Lucene search

CiscoCVE-2019-1817

HistoryMay 03, 2019 - 5:29 p.m.

CVE-2019-1817

2019-05-0317:29:01

CWE-20

cisco

web.nvd.nist.gov

cve-2019-1817

cisco

web security appliance

dos

vulnerability

nvd

asyncos software

http

https

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition.

Affected configurations

Nvd

Node

ciscoweb_security_applianceMatch11.5.1-fcs-115

ciscoweb_security_applianceMatch11.5.1-fcs-124

ciscoweb_security_applianceMatch11.5.1-fcs-125

ciscoweb_security_applianceMatch11.7.0-fcs-334

VendorProductVersionCPE
ciscoweb_security_appliance11.5.1-fcs-115cpe:2.3:a:cisco:web_security_appliance:11.5.1-fcs-115:*:*:*:*:*:*:*
ciscoweb_security_appliance11.5.1-fcs-124cpe:2.3:a:cisco:web_security_appliance:11.5.1-fcs-124:*:*:*:*:*:*:*
ciscoweb_security_appliance11.5.1-fcs-125cpe:2.3:a:cisco:web_security_appliance:11.5.1-fcs-125:*:*:*:*:*:*:*
ciscoweb_security_appliance11.7.0-fcs-334cpe:2.3:a:cisco:web_security_appliance:11.7.0-fcs-334:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	web_security_appliance	11.5.1-fcs-115	cpe:2.3:a:cisco:web_security_appliance:11.5.1-fcs-115:::::::*
cisco	web_security_appliance	11.5.1-fcs-124	cpe:2.3:a:cisco:web_security_appliance:11.5.1-fcs-124:::::::*
cisco	web_security_appliance	11.5.1-fcs-125	cpe:2.3:a:cisco:web_security_appliance:11.5.1-fcs-125:::::::*
cisco	web_security_appliance	11.7.0-fcs-334	cpe:2.3:a:cisco:web_security_appliance:11.7.0-fcs-334:::::::*

CNA Affected

[
  {
    "product": "Cisco Web Security Appliance (WSA)",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "11.5.2-020",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "11.7.0-406",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-wsa-dos

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2019-1817