CVE-2019-1944Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20Improper Input ValidationCWE-732Incorrect Permission Assignment4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 85.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Adaptive Security Appliance SoftwareCisco Adaptive Security Appliance Software
Timeline
PublishedAug 7
Latest updateMay 24

Description

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified9.8.4.7

🔴Vulnerability Details

2
GHSA
GHSA-9v87-xxx7-v2h6: Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to2022-05-24
CVEList
Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities2019-08-07

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities2019-08-07
CVE-2019-1944 — Improper Input Validation in Cisco | cvebase