Rewterz Threat Advisory – CVE-2019-1905 – Cisco Email Security Appliance AsyncOS GZIP Content Filter Security Bypass Vulnerability
June 20, 2019
Severity
Medium
Analysis Summary
The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.
Impact
Security Bypass
Affected Vendors
Cisco
Affected Products
- Cisco WAAS (Wide Area Application Services) 5.x
- Cisco WAAS (Wide Area Application Services) 6.x
Remediation
Refer to the vendor’s advisory for more details; the bug report CSCvo13639 indicates a fixed status.