#VU17427 Security restrictions bypass in Cisco Web Security Appliance
Vulnerability identifier: #VU17427
Vulnerability risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Web Security Appliance
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass security restrictions on the system.
The vulnerability exists in the Decryption Policy Default Action functionality due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. A remote attacker can send a SSL connection through the affected device to bypass a configured drop policy to block specific SSL connections and allow traffic onto the network that should have been denied.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco Web Security Appliance: 10.1.0 204 - 11.5.1 FCS 115
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-wsa-bypass
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
