CVSS3: 5.8 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
AI Score: 6 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 21.3%)
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked.
This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.
[
  {
    "vendor": "Cisco",
    "product": "Cisco Secure Web Appliance",
    "versions": [
      { "version": "11.7.0-406", "status": "affected" },
      { "version": "11.7.0-418", "status": "affected" },
      { "version": "11.7.1-049", "status": "affected" },
      { "version": "11.7.1-006", "status": "affected" },
      { "version": "11.7.1-020", "status": "affected" },
      { "version": "11.7.2-011", "status": "affected" },
      { "version": "11.8.0-414", "status": "affected" },
      { "version": "11.8.1-023", "status": "affected" },
      { "version": "11.8.3-018", "status": "affected" },
      { "version": "11.8.3-021", "status": "affected" },
      { "version": "12.0.1-268", "status": "affected" },
      { "version": "12.0.3-007", "status": "affected" },
      { "version": "12.5.2-007", "status": "affected" },
      { "version": "12.5.1-011", "status": "affected" },
      { "version": "12.5.4-005", "status": "affected" },
      { "version": "12.5.5-004", "status": "affected" },
      { "version": "14.5.0-498", "status": "affected" },
      { "version": "14.5.1-016", "status": "affected" },
      { "version": "14.0.3-014", "status": "affected" },
      { "version": "14.0.2-012", "status": "affected" },
      { "version": "14.0.4-005", "status": "affected" }
    ]
  }
]