CVE-2019-1886

HIGH

Cisco AsyncOS 10.5-10.5.5-005 - Denial of Service via Malformed SSL Certificate

Title source: llm

Description

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/109049

Scores

CVSS v3 8.6

EPSS 0.0135

EPSS Percentile 67.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20 CWE-295

Status published

Products (4)

cisco/asyncos 10.5 - 10.5.5-005

cisco/web_security_appliance 10.5.2-072

cisco/web_security_appliance 10.5.3-025

cisco/web_security_appliance 11.7.0-fcs-334

Published Jul 04, 2019

Tracked Since Feb 18, 2026