CVE-2019-1695 — Improper Access Control in Cisco Adaptive Security Appliance Software

CWE-284 — Improper Access Control4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 82.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedMay 3

Latest updateMay 24

Description

A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful expl…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software9.9 — 9.9.2.50+2

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified — 6.2.3.12+1

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified — 9.8.4+2

▶NVDcisco/firepower_threat_defense6.2.1 — 6.2.3.12+1

🔴Vulnerability Details

GHSA

GHSA-96r8-3qv9-q756: A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could al↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability↗2019-05-03

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability↗2019-05-01

▶