A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-06-20T03:00:20.264751Z
Updated: 2024-09-17T01:16:11.123Z
Reserved: 2018-12-06T00:00:00
Link: CVE-2019-1876
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-20T03:15:12.167
Modified: 2019-10-09T23:48:24.613
Link: CVE-2019-1876
Redhat
No data.