CVE-2019-1714: Cisco Adaptive Security Appliance Software vulnerability

CWE-255 | 4 documents | 4 sources

Severity: 8.6 HIGH (NVD)
EPSS: 1.7% (top 17.94%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 3
Latest update: May 24

Description

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authenticatio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (4 packages)

CVEListV5 | cisco/cisco_adaptive_security_appliance_software | unspecified | 9.8.4 | +2
CVEListV5 | cisco/cisco_firepower_threat_defense_software | unspecified | 6.2.3.12 | +1
NVD | cisco/firepower_threat_defense | 6.2.1 | 6.2.3.12 | +1

🔴 Vulnerability Details (2)

GHSA | GHSA-c2pv-f87v-p3wc: A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2 | 2022-05-24
CVEList | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability | 2019-05-03

📋 Vendor Advisories (1)

Cisco | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability | 2019-05-01