Lucene search

[email protected]CVE-2019-1693

HistoryMay 03, 2019 - 3:29 p.m.

CVE-2019-1693

2019-05-0315:29:00

CWE-399

[email protected]

web.nvd.nist.gov

cisco

asa

ftd

webvpn

vulnerability

dos

nvd

cve-2019-1693

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition.

Affected configurations

NVD

Node

ciscoadaptive_security_appliance_softwareRange<9.4.4.34

ciscoadaptive_security_appliance_softwareRange9.5–9.6.4.25

ciscoadaptive_security_appliance_softwareRange9.7–9.8.4

ciscoadaptive_security_appliance_softwareRange9.9–9.9.2.50

ciscoadaptive_security_appliance_softwareRange9.10–9.10.1.17

AND

ciscoasa_5505Match-

ciscoasa_5510Match-

ciscoasa_5512-xMatch-

ciscoasa_5515-xMatch-

ciscoasa_5520Match-

ciscoasa_5525-xMatch-

ciscoasa_5540Match-

ciscoasa_5545-xMatch-

ciscoasa_5550Match-

ciscoasa_5555-xMatch-

ciscoasa_5580Match-

ciscoasa_5585-xMatch-

Node

ciscofirepower_threat_defenseRange6.2.1–6.2.3.12

ciscofirepower_threat_defenseRange6.3.0–6.3.0.3

CPENameOperatorVersion
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.4.4.34
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.6.4.25
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.8.4
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.9.2.50
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.10.1.17

CPE	Name	Operator	Version
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.4.4.34
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.6.4.25
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.8.4
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.9.2.50
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.10.1.17

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "9.4.4.34",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.6.4.25",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.8.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.9.2.50",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.10.1.17",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Cisco Firepower Threat Defense (FTD) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2.3.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "6.3.0.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108157

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for CVE-2019-1693

cvelist1 prion1 nvd1 cisco1