CVE-2019-12676 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 71.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedOct 2

Latest updateMay 24

Description

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerabili…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software9.7 — 9.8.4.8+3

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified — n/a

▶NVDcisco/firepower_threat_defense6.4.0 — 6.4.0.4+1

▶NVDcisco/adaptive_security_appliance< 9.6.4.34

🔴Vulnerability Details

GHSA

GHSA-c438-397x-vxwr: A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat D↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability↗2019-10-02

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability↗2019-10-02

▶