First published: Fri Feb 08 2019
A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending an SSL connection through the affected device. A successful exploit could allow the attacker to bypass a drop policy configured to block specific SSL connections. Releases 10.1.x and 10.5.x are affected.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Web Security Appliance | =10.1.0-204 | |
Cisco Web Security Appliance | =10.5.2-072 | |
Cisco Web Security Appliance | =11.5.1-fcs-115 | |
The vulnerability ID for this vulnerability is CVE-2019-1672.
CVE-2019-1672 has a severity rating of 5.8 (medium).
Versions 10.1.0-204, 10.5.2-072, and 11.5.1-fcs-115 of Cisco Web Security Appliance are affected by CVE-2019-1672.
This vulnerability allows an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied.
Apply the necessary updates provided by Cisco to fix CVE-2019-1672.