ID

VAR-201905-0587


CVE

CVE-2019-1693


TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003892

DESCRIPTION

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. This issue is being tracked by Cisco Bug ID CSCvn77957. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.

Trust: 1.98

sources: NVD: CVE-2019-1693 // JVNDB: JVNDB-2019-003892 // BID: 108157 // VULHUB: VHN-149125

AFFECTED PRODUCTS

vendor: cisco // model: adaptive security appliance software // scope: gte // version: 9.5

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lt // version: 6.3.0.3

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: lt // version: 9.9.2.50

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: lt // version: 9.10.1.17

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.2.1

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: lt // version: 9.8.4

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: lt // version: 9.6.4.25

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: lt // version: 9.4.4.34

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: gte // version: 9.10

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: gte // version: 6.3.0

Trust: 1.0

vendor: cisco // model: firepower threat defense // scope: lt // version: 6.2.3.12

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: gte // version: 9.7

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: gte // version: 9.9

Trust: 1.0

vendor: cisco // model: adaptive security appliance software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: firepower threat defense software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: firepower threat defense virtual // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.4

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.3

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2.3

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2.2

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.1

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2.1

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.0.1

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.0

Trust: 0.3

vendor: cisco // model: firepower security appliance // scope: eq // version: 93000

Trust: 0.3

vendor: cisco // model: firepower series // scope: eq // version: 41000

Trust: 0.3

vendor: cisco // model: firepower series // scope: eq // version: 21000

Trust: 0.3

vendor: cisco // model: asa services module for cisco catalyst series switches // scope: eq // version: 65000

Trust: 0.3

vendor: cisco // model: asa services module for cisco series routers // scope: eq // version: 76000

Trust: 0.3

vendor: cisco // model: asa series firewalls // scope: eq // version: 5500-x0

Trust: 0.3

vendor: cisco // model: asa cloud firewall // scope: eq // version: 1000v0

Trust: 0.3

vendor: cisco // model: adaptive security virtual appliance // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.9

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.8

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.7

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.6

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.5

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.4

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.12

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.10

Trust: 0.3

vendor: cisco // model: series industrial security appliance // scope: eq // version: 30000

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: ne // version: 6.3.0.3

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: ne // version: 6.2.3.12

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.8.4

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.9.2.50

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.6.4.25

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.4.4.34

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.10.1.17

Trust: 0.3

sources: BID: 108157 // JVNDB: JVNDB-2019-003892 // NVD: CVE-2019-1693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1693
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1693
value: HIGH

Trust: 1.0

NVD: CVE-2019-1693
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-025
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149125
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1693
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149125
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1693
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1693
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1693
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149125 // JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025 // NVD: CVE-2019-1693 // NVD: CVE-2019-1693

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-149125 // JVNDB: JVNDB-2019-003892 // NVD: CVE-2019-1693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-025

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-025

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003892

PATCH

title: cisco-sa-20190501-asa-ftd-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos

Trust: 0.8

title: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92176

Trust: 0.6

sources: JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025

EXTERNAL IDS

db: NVD // id: CVE-2019-1693

Trust: 2.8

db: BID // id: 108157

Trust: 2.0

db: JVNDB // id: JVNDB-2019-003892

Trust: 0.8

db: CNNVD // id: CNNVD-201905-025

Trust: 0.7

db: AUSCERT // id: ESB-2019.1510.2

Trust: 0.6

db: VULHUB // id: VHN-149125

Trust: 0.1

sources: VULHUB: VHN-149125 // BID: 108157 // JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025 // NVD: CVE-2019-1693

REFERENCES

url:http://www.securityfocus.com/bid/108157

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ftd-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1693

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1693

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ftd-ike-dos

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-webvpn-29221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80090

Trust: 0.6

sources: VULHUB: VHN-149125 // BID: 108157 // JVNDB: JVNDB-2019-003892 // CNNVD: CNNVD-201905-025 // NVD: CVE-2019-1693

CREDITS

Qian Chen of Qihoo 360 Information Security Department.

Trust: 0.6

sources: CNNVD: CNNVD-201905-025

SOURCES

db: VULHUB // id: VHN-149125
db: BID // id: 108157
db: JVNDB // id: JVNDB-2019-003892
db: CNNVD // id: CNNVD-201905-025
db: NVD // id: CVE-2019-1693

LAST UPDATE DATE

2024-08-14T13:45:03.486000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-149125 // date: 2020-10-07T00:00:00
db: BID // id: 108157 // date: 2019-05-01T00:00:00
db: JVNDB // id: JVNDB-2019-003892 // date: 2019-05-23T00:00:00
db: CNNVD // id: CNNVD-201905-025 // date: 2020-10-09T00:00:00
db: NVD // id: CVE-2019-1693 // date: 2023-08-15T15:24:56.340

SOURCES RELEASE DATE

db: VULHUB // id: VHN-149125 // date: 2019-05-03T00:00:00
db: BID // id: 108157 // date: 2019-05-01T00:00:00
db: JVNDB // id: JVNDB-2019-003892 // date: 2019-05-23T00:00:00
db: CNNVD // id: CNNVD-201905-025 // date: 2019-05-01T00:00:00
db: NVD // id: CVE-2019-1693 // date: 2019-05-03T15:29:00.977