CVE-2019-1970

EPSS 0.09%
Veröffentlicht 08.08.2019 08:15:12
Zuletzt bearbeitet 26.11.2024 16:09:02
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version < 6.4.1

Cisco ≫ Secure Firewall Management Center Version6.3.0

Cisco ≫ Secure Firewall Management Center Version6.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.225

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com	5.8	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1970

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1970

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1970

EUVD