CVE-2019-12693 — Incorrect Type Conversion or Cast in Cisco Adaptive Security Appliance Software

CWE-704 — Incorrect Type Conversion or Cast CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.4%

top 41.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 2

Latest updateMay 24

Description

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/adaptive_security_appliance_software9.7 — 9.8.4+3

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified — n/a

▶NVDcisco/adaptive_security_appliance< 9.6.4.30

🔴Vulnerability Details

GHSA

GHSA-rc7c-qrr9-4694: A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software Secure Copy Denial of Service Vulnerability↗2019-10-02

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software Secure Copy Denial of Service Vulnerability↗2019-10-02

▶