CVE-2019-1693 — Cisco Adaptive Security Appliance Software vulnerability

CWE-3994 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 38.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedMay 3

Latest updateMay 24

Description

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software9.5 — 9.6.4.25+4

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified — 6.2.3.12+1

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified — 9.4.4.34+4

▶NVDcisco/firepower_threat_defense6.2.1 — 6.2.3.12+1

🔴Vulnerability Details

GHSA

GHSA-3cqj-jcvx-xhxr: A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allo↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability↗2019-05-03

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability↗2019-05-01

▶