cisco-sa-20190703-wsa-dos: Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability
First published: Wed Jul 03 2019(Updated: )
A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS Software | =11.5<11.5.2-020=10.5<10.5.5-005=Prior to 10.5<Migrate to 10.5.5-005 | 11.5.2-020 10.5.5-005 Migrate to 10.5.5-005 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/event
- agent/softwarecombine
- agent/description
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asyncos software
- version/cisco asyncos software/11.5
- version/cisco asyncos software/10.5
- version/cisco asyncos software/prior to 10.5