CVE-2016-9212

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:web_security_appliance:9.0.1-162:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-12-14 00:59

Updated : 2024-02-04 19:11


NVD link : CVE-2016-9212

Mitre link : CVE-2016-9212

CVE.ORG link : CVE-2016-9212


JSON object : View

Products Affected

cisco

  • web_security_appliance
CWE
CWE-20

Improper Input Validation