Overview
- Description: A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.
- Source: ykramarz@cisco.com
- NVD status: Modified
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity: MEDIUM
Weaknesses
- nvd@nist.gov: NVD-CWE-noinfo
- ykramarz@cisco.com: CWE-20
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F123F722-4765-49AE-AFE7-C889F3658C57",
            "versionEndExcluding": "14.0.4",
            "versionStartIncluding": "11.8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asyncos:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23EC2FAD-D9BF-450F-989E-ED862E263F4E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:s195:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9797CD28-48A3-45BD-BF68-F0DF6F5A5579"
          },
          {
            "criteria": "cpe:2.3:h:cisco:s395:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C6D20279-8176-449A-AF4C-E2C90F370B30"
          },
          {
            "criteria": "cpe:2.3:h:cisco:s695:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9408ADA-7A8F-4528-8236-65713CF642D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]