Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. An attacker could exploit this vulnerability by connecting through an affected device to a malicious server and receiving malformed HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco Secure Web Appliance 输入验证错误漏洞
Vulnerability Description
Cisco Secure Web Appliance是美国思科(Cisco)公司的一个应用程序。用于保护网站。 Cisco AsyncOS Software for Cisco Secure Web Appliance scanning engines存在输入验证错误漏洞,该漏洞源于其未正确检测到畸形的编码流量导致未经身份验证的远程攻击者绕过配置的规则,从而允许流量进入本应被阻塞的网络。
CVSS Information
N/A
Vulnerability Type
N/A