CVE-2019-1981Improper Input Validation in Cisco Firepower Threat Defense Software

CWE-264CWE-20Improper Input Validation4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.4%
top 38.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Firepower Threat Defense SoftwareCisco Secure Firewall Management Center
Timeline
PublishedNov 5
Latest updateMay 24

Description

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit coul

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecifiedn/a
NVDcisco/secure_firewall_management_center2.9.122.9.12.15+4

🔴Vulnerability Details

2
GHSA
GHSA-55w6-hghf-mfpw: A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Fi2022-05-24
CVEList
Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability2019-11-05

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability2019-08-16
CVE-2019-1981 — Improper Input Validation in Cisco | cvebase