7.7

CVE-2019-1693

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoAdaptive Security Appliance Software Version < 9.4.4.34
   CiscoAsa 5505 Version-
   CiscoAsa 5510 Version-
   CiscoAsa 5512-x Version-
   CiscoAsa 5515-x Version-
   CiscoAsa 5520 Version-
   CiscoAsa 5525-x Version-
   CiscoAsa 5540 Version-
   CiscoAsa 5545-x Version-
   CiscoAsa 5550 Version-
   CiscoAsa 5555-x Version-
   CiscoAsa 5580 Version-
   CiscoAsa 5585-x Version-
CiscoAdaptive Security Appliance Software Version >= 9.5 < 9.6.4.25
   CiscoAsa 5505 Version-
   CiscoAsa 5510 Version-
   CiscoAsa 5512-x Version-
   CiscoAsa 5515-x Version-
   CiscoAsa 5520 Version-
   CiscoAsa 5525-x Version-
   CiscoAsa 5540 Version-
   CiscoAsa 5545-x Version-
   CiscoAsa 5550 Version-
   CiscoAsa 5555-x Version-
   CiscoAsa 5580 Version-
   CiscoAsa 5585-x Version-
CiscoAdaptive Security Appliance Software Version >= 9.7 < 9.8.4
   CiscoAsa 5505 Version-
   CiscoAsa 5510 Version-
   CiscoAsa 5512-x Version-
   CiscoAsa 5515-x Version-
   CiscoAsa 5520 Version-
   CiscoAsa 5525-x Version-
   CiscoAsa 5540 Version-
   CiscoAsa 5545-x Version-
   CiscoAsa 5550 Version-
   CiscoAsa 5555-x Version-
   CiscoAsa 5580 Version-
   CiscoAsa 5585-x Version-
CiscoAdaptive Security Appliance Software Version >= 9.9 < 9.9.2.50
   CiscoAsa 5505 Version-
   CiscoAsa 5510 Version-
   CiscoAsa 5512-x Version-
   CiscoAsa 5515-x Version-
   CiscoAsa 5520 Version-
   CiscoAsa 5525-x Version-
   CiscoAsa 5540 Version-
   CiscoAsa 5545-x Version-
   CiscoAsa 5550 Version-
   CiscoAsa 5555-x Version-
   CiscoAsa 5580 Version-
   CiscoAsa 5585-x Version-
CiscoAdaptive Security Appliance Software Version >= 9.10 < 9.10.1.17
   CiscoAsa 5505 Version-
   CiscoAsa 5510 Version-
   CiscoAsa 5512-x Version-
   CiscoAsa 5515-x Version-
   CiscoAsa 5520 Version-
   CiscoAsa 5525-x Version-
   CiscoAsa 5540 Version-
   CiscoAsa 5545-x Version-
   CiscoAsa 5550 Version-
   CiscoAsa 5555-x Version-
   CiscoAsa 5580 Version-
   CiscoAsa 5585-x Version-
CiscoFirepower Threat Defense Version >= 6.2.1 < 6.2.3.12
CiscoFirepower Threat Defense Version >= 6.3.0 < 6.3.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.61
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 6.8 8 6.9
AV:N/AC:L/Au:S/C:N/I:N/A:C
psirt@cisco.com 7.7 3.1 4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
http://www.securityfocus.com/bid/108157
Third Party Advisory
VDB Entry