Details of VAR-201905-0237

ID

VAR-201905-0237

CVE

CVE-2019-1705

TITLE

Cisco Adaptive Security Appliance Software improper resource shutdown and release vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004457

DESCRIPTION

A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. This issue is being tracked by Cisco Bug ID CSCvk13637. Cisco 3000 Series Industrial Security Appliances, etc. are all products of Cisco (Cisco). Cisco 3000 Series Industrial Security Appliances is a 3000 series firewall appliance. Firepower 2100 Series is a 2100 series firewall appliance. ASA Software is one of those firewall and network security platforms. The platform provides features such as highly secure access to data and network resources. The following products are affected: Cisco 3000 Series Industrial Security Appliances; ASA 5500-X Series Firewalls; ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers; Firepower 2100 Series;

Trust: 1.98

sources: NVD: CVE-2019-1705 // JVNDB: JVNDB-2019-004457 // BID: 108151 // VULHUB: VHN-149257

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.50	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.6.4.25	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.4.4.34	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	eq	version:	21000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco catalyst series switches	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco series routers	scope:	eq	version:	76000	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.9	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.10	Trust: 0.3
vendor:	cisco	model:	series industrial security appliance	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.8.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.9.2.50	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.6.4.25	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.4.4.34	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.10.1.17	Trust: 0.3

sources: BID: 108151 // JVNDB: JVNDB-2019-004457 // NVD: CVE-2019-1705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1705
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1705
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1705
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-016
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-149257
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1705
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-149257
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1705
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1705
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-149257 // JVNDB: JVNDB-2019-004457 // CNNVD: CNNVD-201905-016 // NVD: CVE-2019-1705 // NVD: CVE-2019-1705

PROBLEMTYPE DATA

problemtype:

CWE-404

Trust: 1.9

sources: VULHUB: VHN-149257 // JVNDB: JVNDB-2019-004457 // NVD: CVE-2019-1705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-016

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-016

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004457

PATCH

title:	cisco-sa-20190501-asa-vpn-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-vpn-dos	Trust: 0.8
title:	Cisco Adaptive Security Appliances Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92167	Trust: 0.6

sources: JVNDB: JVNDB-2019-004457 // CNNVD: CNNVD-201905-016

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1705	Trust: 2.8
db:	BID	id:	108151	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004457	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-016	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0200	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1519	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0766	Trust: 0.6
db:	VULHUB	id:	VHN-149257	Trust: 0.1

sources: VULHUB: VHN-149257 // BID: 108151 // JVNDB: JVNDB-2019-004457 // CNNVD: CNNVD-201905-016 // NVD: CVE-2019-1705

REFERENCES

url:	http://www.securityfocus.com/bid/108151	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-vpn-dos	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1705	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1705	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-csrf	Trust: 0.6
url:	https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0200/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-vpn-session-manager-29201	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0766/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80114	Trust: 0.6

sources: VULHUB: VHN-149257 // BID: 108151 // JVNDB: JVNDB-2019-004457 // CNNVD: CNNVD-201905-016 // NVD: CVE-2019-1705

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108151 // CNNVD: CNNVD-201905-016

SOURCES

db:	VULHUB	id:	VHN-149257
db:	BID	id:	108151
db:	JVNDB	id:	JVNDB-2019-004457
db:	CNNVD	id:	CNNVD-201905-016
db:	NVD	id:	CVE-2019-1705

LAST UPDATE DATE

2024-08-14T12:39:38.675000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149257	date:	2019-10-09T00:00:00
db:	BID	id:	108151	date:	2019-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-004457	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201905-016	date:	2020-03-04T00:00:00
db:	NVD	id:	CVE-2019-1705	date:	2023-08-15T15:24:56.340

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149257	date:	2019-05-03T00:00:00
db:	BID	id:	108151	date:	2019-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-004457	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201905-016	date:	2019-05-01T00:00:00
db:	NVD	id:	CVE-2019-1705	date:	2019-05-03T16:29:00.553