Sign-up

ID

VAR-201905-0599


CVE

CVE-2019-1833


TITLE

Cisco Firepower Threat Defense Vulnerability related to failure of protection mechanism in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004584

DESCRIPTION

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to improper parsing of specific attributes in a TLS packet header. An attacker could exploit this vulnerability by sending malicious TLS messages to the affected system. A successful exploit could allow the attacker to bypass the configured policies for the system, which could allow traffic to flow through without being inspected. Cisco Firepower Threat Defense (FTD) The software is vulnerable to a defect in the protection mechanism.Information may be tampered with. This issue is being tracked by Cisco Bug CSCvi81022

Trust: 1.98

sources: NVD: CVE-2019-1833 // JVNDB: JVNDB-2019-004584 // BID: 108338 // VULHUB: VHN-150665

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 1.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 1.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.1

Trust: 1.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:neversion:6.4

Trust: 0.3

sources: BID: 108338 // JVNDB: JVNDB-2019-004584 // NVD: CVE-2019-1833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1833
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1833
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1833
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-699
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1833
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150665
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1833
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150665 // JVNDB: JVNDB-2019-004584 // CNNVD: CNNVD-201905-699 // NVD: CVE-2019-1833 // NVD: CVE-2019-1833

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-150665 // JVNDB: JVNDB-2019-004584 // NVD: CVE-2019-1833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-699

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-699

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004584

PATCH
title:cisco-sa-20190515-ftd-ssltls-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-ftd-ssltls-bypass
Trust: 0.8
title:Cisco Firepower Threat Defense Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92823
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-004584 // 
            
            
            
            CNNVD: CNNVD-201905-699

EXTERNAL IDS
db:NVDid:CVE-2019-1833
Trust: 2.8
db:BIDid:108338
Trust: 2.0
db:JVNDBid:JVNDB-2019-004584
Trust: 0.8
db:CNNVDid:CNNVD-201905-699
Trust: 0.7
db:AUSCERTid:ESB-2019.1778
Trust: 0.6
db:VULHUBid:VHN-150665
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150665 // 
            
            
            
            BID: 108338 // 
            
            
            
            JVNDB: JVNDB-2019-004584 // 
            
            
            
            CNNVD: CNNVD-201905-699 // 
            
            
            
            NVD: CVE-2019-1833

REFERENCES
url:http://www.securityfocus.com/bid/108338
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-ftd-ssltls-bypass
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1833
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1833
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-ftdde-poly-bypass
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.1778/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/81190
Trust: 0.6
sources:
            
            
            VULHUB: VHN-150665 // 
            
            
            
            BID: 108338 // 
            
            
            
            JVNDB: JVNDB-2019-004584 // 
            
            
            
            CNNVD: CNNVD-201905-699 // 
            
            
            
            NVD: CVE-2019-1833

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 108338 // 
            
            
            
            CNNVD: CNNVD-201905-699

SOURCES
db:VULHUBid:VHN-150665
db:BIDid:108338
db:JVNDBid:JVNDB-2019-004584
db:CNNVDid:CNNVD-201905-699
db:NVDid:CVE-2019-1833

LAST UPDATE DATE
2024-08-14T14:45:21.345000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150665date:2019-10-09T00:00:00
db:BIDid:108338date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004584date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-699date:2019-05-22T00:00:00
db:NVDid:CVE-2019-1833date:2019-10-09T23:48:17.097

SOURCES RELEASE DATE
db:VULHUBid:VHN-150665date:2019-05-16T00:00:00
db:BIDid:108338date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004584date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-699date:2019-05-15T00:00:00
db:NVDid:CVE-2019-1833date:2019-05-16T02:29:00.373