ID

VAR-201905-0235


CVE

CVE-2019-1715


TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense In software PRNG Inadequate entropy vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004458

DESCRIPTION

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device. Cisco ASA Software and FTD Software are prone to an information-disclosure vulnerability. This may lead to further attacks. This issue being tracked by Cisco Bug ID CSCvj52266. The following products are vulnerable: Cisco ASA Software 9.8, and 9.9 Cisco FTD Software 6.2.1, 6.2.2,and 6.2.3. Cisco Firepower 4100 Series, etc. Cisco Firepower 4100 Series is a 4100 series firewall device. FTD Software is one of the unified software that provides next-generation firewall services. Cisco 3000 Series Industrial Security Appliances is a 3000 series firewall appliance. The platform provides features such as highly secure access to data and network resources

Trust: 1.98

sources: NVD: CVE-2019-1715 // JVNDB: JVNDB-2019-004458 // BID: 108789 // VULHUB: VHN-149367

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance device managerscope:gteversion:9.8

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.3.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance device managerscope:gteversion:9.9

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance device managerscope:ltversion:9.9.2.50

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.2.3.12

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.2.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance device managerscope:ltversion:9.8.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense virtualscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.1

Trust: 0.3

vendor:ciscomodel:firepower asa security modulescope:eqversion:93000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:eqversion:41000

Trust: 0.3

vendor:ciscomodel:asa series with firepower servicesscope:eqversion:5500-x0

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x9.8(2)

Trust: 0.3

vendor:ciscomodel:adaptive security virtual appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.9

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.8

Trust: 0.3

vendor:ciscomodel:series industrial security appliancesscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:neversion:6.3.0.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:neversion:6.2.3.12

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.8.4

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.9.2.50

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.6.4.25

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.4.4.34

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.10.1.17

Trust: 0.3

sources: BID: 108789 // JVNDB: JVNDB-2019-004458 // NVD: CVE-2019-1715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1715
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1715
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1715
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-042
value: HIGH

Trust: 0.6

VULHUB: VHN-149367
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1715
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149367
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1715
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1715
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149367 // JVNDB: JVNDB-2019-004458 // CNNVD: CNNVD-201905-042 // NVD: CVE-2019-1715 // NVD: CVE-2019-1715

PROBLEMTYPE DATA

problemtype:CWE-332

Trust: 1.9

sources: VULHUB: VHN-149367 // JVNDB: JVNDB-2019-004458 // NVD: CVE-2019-1715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-042

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004458

PATCH

title:cisco-sa-20190501-asa-ftd-entropyurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-entropy

Trust: 0.8

title:Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92189

Trust: 0.6

sources: JVNDB: JVNDB-2019-004458 // CNNVD: CNNVD-201905-042

EXTERNAL IDS

db:NVDid:CVE-2019-1715

Trust: 2.8

db:JVNDBid:JVNDB-2019-004458

Trust: 0.8

db:CNNVDid:CNNVD-201905-042

Trust: 0.7

db:AUSCERTid:ESB-2019.1510.2

Trust: 0.6

db:BIDid:108789

Trust: 0.3

db:VULHUBid:VHN-149367

Trust: 0.1

sources: VULHUB: VHN-149367 // BID: 108789 // JVNDB: JVNDB-2019-004458 // CNNVD: CNNVD-201905-042 // NVD: CVE-2019-1715

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ftd-entropy

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1715

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1715

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ftd-ike-dos

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-privilege-escalation-via-drbg-low-entropy-keys-29195

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80090

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149367 // BID: 108789 // JVNDB: JVNDB-2019-004458 // CNNVD: CNNVD-201905-042 // NVD: CVE-2019-1715

CREDITS

Greg Zaverucha of Microsoft?.

Trust: 0.6

sources: CNNVD: CNNVD-201905-042

SOURCES

db:VULHUBid:VHN-149367
db:BIDid:108789
db:JVNDBid:JVNDB-2019-004458
db:CNNVDid:CNNVD-201905-042
db:NVDid:CVE-2019-1715

LAST UPDATE DATE

2024-08-14T13:45:03.423000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149367date:2019-10-09T00:00:00
db:BIDid:108789date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004458date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201905-042date:2019-05-14T00:00:00
db:NVDid:CVE-2019-1715date:2019-10-09T23:47:48.127

SOURCES RELEASE DATE

db:VULHUBid:VHN-149367date:2019-05-03T00:00:00
db:BIDid:108789date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004458date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201905-042date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1715date:2019-05-03T17:29:00.593