ID

VAR-201905-0588


CVE

CVE-2019-1694


TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004366

DESCRIPTION

A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. Attackers can exploit this issue to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvn78174. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Cisco 3000 Series Industrial Security Appliances; ASA 5500-X Series Firewalls; ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers; Adaptive Security Virtual Appliance; 9300 Security Appliance; FTD Virtual (FTDv)

Trust: 2.07

sources: NVD: CVE-2019-1694 // JVNDB: JVNDB-2019-004366 // BID: 108160 // VULHUB: VHN-149136 // VULMON: CVE-2019-1694

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.5

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.9.2.50

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.10.1.17

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.8.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.6.4.25

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.4.4.34

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.10

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.3.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.2.3.12

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.9

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense virtualscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.4

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.0.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:firepower security appliancescope:eqversion:93000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:eqversion:41000

Trust: 0.3

vendor:ciscomodel:firepower seriesscope:eqversion:21000

Trust: 0.3

vendor:ciscomodel:asa services module for cisco catalyst series switchesscope:eqversion:65000

Trust: 0.3

vendor:ciscomodel:asa services module for cisco series routersscope:eqversion:76000

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x0

Trust: 0.3

vendor:ciscomodel:adaptive security virtual appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.9

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.8

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.7

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.6

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.5

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.4

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.12

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.10

Trust: 0.3

vendor:ciscomodel:series industrial security appliancescope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:neversion:6.3.0.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:neversion:6.2.3.12

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.8.4

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.9.2.50

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.6.4.25

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.4.4.34

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:neversion:9.10.1.17

Trust: 0.3

sources: BID: 108160 // JVNDB: JVNDB-2019-004366 // NVD: CVE-2019-1694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1694
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1694
value: HIGH

Trust: 1.0

NVD: CVE-2019-1694
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-026
value: HIGH

Trust: 0.6

VULHUB: VHN-149136
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1694
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1694
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149136
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1694
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1694
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149136 // VULMON: CVE-2019-1694 // JVNDB: JVNDB-2019-004366 // CNNVD: CNNVD-201905-026 // NVD: CVE-2019-1694 // NVD: CVE-2019-1694

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-149136 // JVNDB: JVNDB-2019-004366 // NVD: CVE-2019-1694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-026

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-026

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004366

PATCH

title:cisco-sa-20190501-asa-frpwrtd-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos

Trust: 0.8

title:Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92177

Trust: 0.6

title:Cisco: Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190501-asa-frpwrtd-dos

Trust: 0.1

title:Threatposturl:https://threatpost.com/bug-in-nsas-ghidra/148787/

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco_high-severity_bug/144410/

Trust: 0.1

sources: VULMON: CVE-2019-1694 // JVNDB: JVNDB-2019-004366 // CNNVD: CNNVD-201905-026

EXTERNAL IDS

db:NVDid:CVE-2019-1694

Trust: 2.9

db:BIDid:108160

Trust: 2.1

db:JVNDBid:JVNDB-2019-004366

Trust: 0.8

db:CNNVDid:CNNVD-201905-026

Trust: 0.7

db:AUSCERTid:ESB-2019.1510.2

Trust: 0.6

db:VULHUBid:VHN-149136

Trust: 0.1

db:VULMONid:CVE-2019-1694

Trust: 0.1

sources: VULHUB: VHN-149136 // VULMON: CVE-2019-1694 // BID: 108160 // JVNDB: JVNDB-2019-004366 // CNNVD: CNNVD-201905-026 // NVD: CVE-2019-1694

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-frpwrtd-dos

Trust: 2.8

url:http://www.securityfocus.com/bid/108160

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-1694

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1694

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ftd-ike-dos

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-tcp-timer-29193

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80090

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/bug-in-nsas-ghidra/148787/

Trust: 0.1

sources: VULHUB: VHN-149136 // VULMON: CVE-2019-1694 // BID: 108160 // JVNDB: JVNDB-2019-004366 // CNNVD: CNNVD-201905-026 // NVD: CVE-2019-1694

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108160 // CNNVD: CNNVD-201905-026

SOURCES

db:VULHUBid:VHN-149136
db:VULMONid:CVE-2019-1694
db:BIDid:108160
db:JVNDBid:JVNDB-2019-004366
db:CNNVDid:CNNVD-201905-026
db:NVDid:CVE-2019-1694

LAST UPDATE DATE

2024-08-14T13:45:03.584000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149136date:2020-10-07T00:00:00
db:VULMONid:CVE-2019-1694date:2023-08-15T00:00:00
db:BIDid:108160date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004366date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-026date:2019-05-23T00:00:00
db:NVDid:CVE-2019-1694date:2023-08-15T15:24:56.340

SOURCES RELEASE DATE

db:VULHUBid:VHN-149136date:2019-05-03T00:00:00
db:VULMONid:CVE-2019-1694date:2019-05-03T00:00:00
db:BIDid:108160date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004366date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-026date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1694date:2019-05-03T15:29:01.040