CVE-2019-1970

EPSS 0.09%
Published 08.08.2019 08:15:12
Last modified 26.11.2024 16:09:02
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version < 6.4.1

Cisco ≫ Secure Firewall Management Center Version6.3.0

Cisco ≫ Secure Firewall Management Center Version6.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.225

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com	5.8	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1970

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1970

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1970

EUVD