CVE-2019-15956 vulnerability in Cisco Products
Published on November 26, 2019
Cisco Web Security Appliance Unauthorized Device Reset Vulnerability
A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2019-15956 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2019-15956
Cisco Web Security Appliance, Cisco AsyncOS
Affected Versions
Cisco Web Security Appliance (WSA): affected version is unspecified (n/a).
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.