Description
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact on the Cisco Secure Web Appliance itself. However, by exploiting this vulnerability, an attacker could send HTTP requests through the device that should have been restricted.
Problem types
Authentication Bypass by Primary Weakness
Product status
11.8.0-453
12.5.3-002
12.0.3-007
12.0.3-005
14.1.0-032
14.1.0-047
14.1.0-041
12.0.4-002
14.0.2-012
11.8.0-414
12.0.1-268
11.8.1-023
11.8.3-021
11.8.3-018
12.5.1-011
11.8.4-004
12.5.2-007
12.5.2-011
14.5.0-498
12.5.4-005
12.5.4-011
12.0.5-011
14.0.3-014
12.5.5-004
12.5.5-005
12.5.5-008
14.0.4-005
14.5.1-008
14.5.1-016
15.0.0-355
15.0.0-322
12.5.6-008
15.1.0-287
14.5.2-011
15.2.0-116
14.0.5-007
15.2.0-164
14.5.1-510
12.0.2-012
12.0.2-004
14.5.1-607
14.5.3-033
15.0.1-004
15.2.1-011
14.5.0-673
14.5.0-537
12.0.1-334
14.0.1-503
14.0.1-053
11.8.0-429
14.0.1-040
14.0.1-014
12.5.1-043
15.2.2-009
15.2.3-007
15.2.4-022
15.2.5-011
15.2.5-013
14.6.0-108
References
sec.cloudapps.cisco.com/...cisco-sa-wsa-auth-bypass-6YZkTQhd (cisco-sa-wsa-auth-bypass-6YZkTQhd)