CVE-2019-1886

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance (WSA) (affected versions not specified)

Description A vulnerability in the HTTPS decryption feature could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA, potentially causing an unexpected restart of the proxy process on an affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.