{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T11:02:14.023","vulnerabilities":[{"cve":{"id":"CVE-2019-1672","sourceIdentifier":"psirt@cisco.com","published":"2019-02-08T18:29:00.283","lastModified":"2024-11-21T04:37:03.967","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected."},{"lang":"es","value":"Una vulnerabilidad en la funcionalidad Decryption Policy Default Action de Cisco Web Security Appliance (WSA) podría permitir que un atacante remoto no autenticado omita una política de anulación configurada y permita el tráfico en la red que debería no estar permitido. Esta vulnerabilidad se debe a la gestión inadecuada del tráfico cifrado por SSL cuando las notificaciones \"Decrypt for End-User\" están deshabilitadas en la configuración. Un atacante podría explotar esta vulnerabilidad enviando una conexión SSL a través de un dispositivo afectado. Su explotación con éxito podría permitir que el atacante omita una política de anulación configurada para bloquear conexiones SSL concretas. Las versiones 10.1.x y 10.5.x se han visto afectadas."}],"metrics":{"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_security_appliance:10.1.0-204:*:*:*:*:*:*:*","matchCriteriaId":"AC71F9F5-B0BA-4415-A4C8-9D0B15732A54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_security_appliance:10.5.2-072:*:*:*:*:*:*:*","matchCriteriaId":"B8F218D6-2AF8-449B-8016-E0B8AAA362D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_security_appliance:11.5.1-fcs-115:*:*:*:*:*:*:*","matchCriteriaId":"12479145-9933-4FB8-A479-AFB8A2C526EA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/106904","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-wsa-bypass","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/106904","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-wsa-bypass","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}