ID

VAR-201905-0599


CVE

CVE-2019-1833


TITLE

Protection mechanism failure vulnerability in Cisco Firepower Threat Defense software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004584

DESCRIPTION

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to improper parsing of specific attributes in a TLS packet header. An attacker could exploit this vulnerability by sending malicious TLS messages to the affected system. A successful exploit could allow the attacker to bypass the configured policies for the system, which could allow traffic to flow through without being inspected. Cisco Firepower Threat Defense (FTD) Software contains a protection mechanism failure. Information may be tampered with. This issue is being tracked by Cisco Bug CSCvi81022.

Trust: 1.98

sources: NVD: CVE-2019-1833 // JVNDB: JVNDB-2019-004584 // BID: 108338 // VULHUB: VHN-150665

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.2

Trust: 1.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.3

Trust: 1.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.1

Trust: 1.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.0

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.1.0

Trust: 1.0

vendor: cisco, model: firepower management center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: firepower threat defense software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: ne, version: 6.4

Trust: 0.3

sources: BID: 108338 // JVNDB: JVNDB-2019-004584 // NVD: CVE-2019-1833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1833
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1833
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1833
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-699
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1833
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150665
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1833
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150665 // JVNDB: JVNDB-2019-004584 // CNNVD: CNNVD-201905-699 // NVD: CVE-2019-1833 // NVD: CVE-2019-1833

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-150665 // JVNDB: JVNDB-2019-004584 // NVD: CVE-2019-1833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-699

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-699

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004584

PATCH

title: cisco-sa-20190515-ftd-ssltls-bypass, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-ftd-ssltls-bypass

Trust: 0.8

title: Cisco Firepower Threat Defense Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92823

Trust: 0.6

sources: JVNDB: JVNDB-2019-004584 // CNNVD: CNNVD-201905-699

EXTERNAL IDS

db: NVD, id: CVE-2019-1833

Trust: 2.8

db: BID, id: 108338

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004584

Trust: 0.8

db: CNNVD, id: CNNVD-201905-699

Trust: 0.7

db: AUSCERT, id: ESB-2019.1778

Trust: 0.6

db: VULHUB, id: VHN-150665

Trust: 0.1

sources: VULHUB: VHN-150665 // BID: 108338 // JVNDB: JVNDB-2019-004584 // CNNVD: CNNVD-201905-699 // NVD: CVE-2019-1833

REFERENCES

url:http://www.securityfocus.com/bid/108338

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-ftd-ssltls-bypass

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1833

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1833

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-ftdde-poly-bypass

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1778/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81190

Trust: 0.6

sources: VULHUB: VHN-150665 // BID: 108338 // JVNDB: JVNDB-2019-004584 // CNNVD: CNNVD-201905-699 // NVD: CVE-2019-1833

CREDITS

Cisco

Trust: 0.9

sources: BID: 108338 // CNNVD: CNNVD-201905-699

SOURCES

db: VULHUB, id: VHN-150665
db: BID, id: 108338
db: JVNDB, id: JVNDB-2019-004584
db: CNNVD, id: CNNVD-201905-699
db: NVD, id: CVE-2019-1833

LAST UPDATE DATE

2024-08-14T14:45:21.345000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150665, date: 2019-10-09T00:00:00
db: BID, id: 108338, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004584, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-699, date: 2019-05-22T00:00:00
db: NVD, id: CVE-2019-1833, date: 2019-10-09T23:48:17.097

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150665, date: 2019-05-16T00:00:00
db: BID, id: 108338, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004584, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-699, date: 2019-05-15T00:00:00
db: NVD, id: CVE-2019-1833, date: 2019-05-16T02:29:00.373