CVE-2019-1884 vulnerability in Cisco Products
Published on July 4, 2019
Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device. An exploit could allow the attacker to force the device to stop processing traffic, resulting in a DoS condition.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2019-1884
stack.watch emails you whenever new vulnerabilities are published in Cisco Web Security Appliance or Cisco Asyncos. Just hit a watch button to start following.
Affected Versions
Cisco Web Security Appliance (WSA):- Version unspecified and below 10.5.5-005 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.