CVE-2019-1708Improper Resource Shutdown or Release in Cisco Adaptive Security Appliance Software

CWE-404Improper Resource Shutdown or ReleaseCWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.9%
top 23.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software+1 more
Timeline
PublishedMay 3
Latest updateMay 24

Description

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sen

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified6.2.3.12+1
CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified9.8.4+2
NVDcisco/firepower_threat_defense6.2.26.2.3.12+1

🔴Vulnerability Details

2
GHSA
GHSA-hjw3-6ghp-6f5f: A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (A2022-05-24
CVEList
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability2019-05-03

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability2019-05-01
CVE-2019-1708 — Improper Resource Shutdown or Release | cvebase