Details of VAR-201905-0587

ID

VAR-201905-0587

CVE

CVE-2019-1693

TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003892

DESCRIPTION

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. This issue is being tracked by Cisco Bug ID CSCvn77957. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.98

sources: NVD: CVE-2019-1693 // JVNDB: JVNDB-2019-003892 // BID: 108157 // VULHUB: VHN-149125

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.3.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.50	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.17	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.6.4.25	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.4.4.34	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.3.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense virtual	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.4	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.0	Trust: 0.3
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	firepower series	scope:	eq	version:	21000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco catalyst series switches	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco series routers	scope:	eq	version:	76000	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x0	Trust: 0.3
vendor:	cisco	model:	asa cloud firewall	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	adaptive security virtual appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.9	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.10	Trust: 0.3
vendor:	cisco	model:	series industrial security appliance	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	ne	version:	6.3.0.3	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	ne	version:	6.2.3.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.8.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.9.2.50	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.6.4.25	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.4.4.34	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.10.1.17	Trust: 0.3

sources: BID: 108157 // JVNDB: JVNDB-2019-003892 // NVD: CVE-2019-1693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1693
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1693
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1693
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-025
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-149125
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1693
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-149125
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1693
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1693
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1693
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-149125 // JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025 // NVD: CVE-2019-1693 // NVD: CVE-2019-1693

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-149125 // JVNDB: JVNDB-2019-003892 // NVD: CVE-2019-1693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-025

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-025

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003892

PATCH

title:	cisco-sa-20190501-asa-ftd-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos	Trust: 0.8
title:	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92176	Trust: 0.6

sources: JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1693	Trust: 2.8
db:	BID	id:	108157	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003892	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-025	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1510.2	Trust: 0.6
db:	VULHUB	id:	VHN-149125	Trust: 0.1

sources: VULHUB: VHN-149125 // BID: 108157 // JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025 // NVD: CVE-2019-1693

REFERENCES

url:	http://www.securityfocus.com/bid/108157	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ftd-dos	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1693	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1693	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ftd-ike-dos	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-webvpn-29221	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80090	Trust: 0.6

sources: VULHUB: VHN-149125 // BID: 108157 // JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025 // NVD: CVE-2019-1693

CREDITS

Qian Chen of Qihoo 360 Information Security Department .,Qian Chen of Qihoo 360 Information Security Department.

Trust: 0.6

sources: CNNVD: CNNVD-201905-025

SOURCES

db:	VULHUB	id:	VHN-149125
db:	BID	id:	108157
db:	JVNDB	id:	JVNDB-2019-003892
db:	CNNVD	id:	CNNVD-201905-025
db:	NVD	id:	CVE-2019-1693

LAST UPDATE DATE

2024-08-14T13:45:03.486000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149125	date:	2020-10-07T00:00:00
db:	BID	id:	108157	date:	2019-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-003892	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201905-025	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-1693	date:	2023-08-15T15:24:56.340

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149125	date:	2019-05-03T00:00:00
db:	BID	id:	108157	date:	2019-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-003892	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201905-025	date:	2019-05-01T00:00:00
db:	NVD	id:	CVE-2019-1693	date:	2019-05-03T15:29:00.977