CVE-2019-1876

Name of the Vulnerable Software and Affected Versions Cisco Wide Area Application Services (WAAS) Software (affected versions not specified)

Description A vulnerability in the HTTPS proxy feature of Cisco WAAS Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The issue is due to insufficient authentication of proxy connection requests. An attacker could exploit this by sending a malicious HTTPS CONNECT message to the Central Manager, potentially allowing access to public internet resources that would normally be blocked by corporate policies.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.