CVE-2019-1695

EPSS 0.05%
Veröffentlicht 03.05.2019 15:29:01
Zuletzt bearbeitet 21.11.2024 04:37:07
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Adaptive Security Appliance Software Version < 9.8.4

   Cisco ≫ Firepower 2110 Version-
   Cisco ≫ Firepower 2120 Version-
   Cisco ≫ Firepower 2130 Version-
   Cisco ≫ Firepower 2140 Version-

Cisco ≫ Firepower Threat Defense Version >= 6.2.1 < 6.2.3.12

   Cisco ≫ Firepower 2110 Version-
   Cisco ≫ Firepower 2120 Version-
   Cisco ≫ Firepower 2130 Version-
   Cisco ≫ Firepower 2140 Version-

Cisco ≫ Firepower Threat Defense Version >= 6.3.0 < 6.3.0.3

   Cisco ≫ Firepower 2110 Version-
   Cisco ≫ Firepower 2120 Version-
   Cisco ≫ Firepower 2130 Version-
   Cisco ≫ Firepower 2140 Version-

Cisco ≫ Adaptive Security Appliance Software Version >= 9.9 < 9.9.2.50

   Cisco ≫ Firepower 2110 Version-
   Cisco ≫ Firepower 2120 Version-
   Cisco ≫ Firepower 2130 Version-
   Cisco ≫ Firepower 2140 Version-

Cisco ≫ Adaptive Security Appliance Software Version >= 9.10 < 9.10.1.17

   Cisco ≫ Firepower 2110 Version-
   Cisco ≫ Firepower 2120 Version-
   Cisco ≫ Firepower 2130 Version-
   Cisco ≫ Firepower 2140 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.135

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:C/A:N
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/108173

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypass

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1695

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1695

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1695

EUVD