Cisco AsyncOS Web Proxy Function HTTP/HTTPS Request denial of service

A vulnerability classified as problematic has been found in Cisco AsyncOS (version unknown). Affected is an unknown functionality of the component Web Proxy Function. The manipulation as part of a HTTP/HTTPS Request leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. This is going to have an impact on availability.

The weakness was released 07/04/2019 as cisco-sa-20190703-asyncos-wsa as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is traded as CVE-2019-1884 since 12/06/2018. It is possible to launch the attack remotely. The successful exploitation needs a single authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/05/2019).

Upgrading eliminates this vulnerability.

Vendor

• Cisco

Name

• AsyncOS

• 🔒

• 🔒

VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.1

VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Denial of service (CWE-404)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

12/06/2018 CVE assigned
07/04/2019 +210 days Advisory disclosed
07/05/2019 +1 days VulDB entry created
07/05/2019 +0 days VulDB last updateVendor: cisco.com

Advisory: cisco-sa-20190703-asyncos-wsa
Status: Confirmed

CVE: CVE-2019-1884 (🔒)

Created: 07/05/2019 07:12 AM
Complete: 🔍

Comments

Comments are closed.