Sign-up

ID

VAR-201905-1319


CVE

CVE-2019-1706


TITLE

Cisco Adaptive Security Appliance Software improper resource shutdown and release vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004378

DESCRIPTION

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. This issue is being tracked by Cisco Bug ID CSCvk66732. Firepower 2100 Series is a 2100 series firewall appliance. ASA Software is one of those firewall and network security platforms. The platform provides features such as highly secure access to data and network resources

Trust: 1.98

sources: NVD: CVE-2019-1706 // JVNDB: JVNDB-2019-004378 // BID: 108144 // VULHUB: VHN-149268

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:9.9.2.50

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.9

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower seriesscope:eqversion:21000

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x9.9(2.19)

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x101.5(1.71)

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x101.5(1.66)

Trust: 0.3

vendor:ciscomodel:adaptive security virtual appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.9.2.18

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.9

Trust: 0.3

sources: BID: 108144 // JVNDB: JVNDB-2019-004378 // NVD: CVE-2019-1706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1706
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1706
value: HIGH

Trust: 1.0

NVD: CVE-2019-1706
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-017
value: HIGH

Trust: 0.6

VULHUB: VHN-149268
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1706
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149268
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1706
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1706
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149268 // JVNDB: JVNDB-2019-004378 // CNNVD: CNNVD-201905-017 // NVD: CVE-2019-1706 // NVD: CVE-2019-1706

PROBLEMTYPE DATA

problemtype:CWE-404

Trust: 1.9

problemtype:CWE-327

Trust: 1.0

sources: VULHUB: VHN-149268 // JVNDB: JVNDB-2019-004378 // NVD: CVE-2019-1706

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-017

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-017

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004378

PATCH
title:cisco-sa-20190501-asa-ipsec-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-dos
Trust: 0.8
title:Cisco Adaptive Security Appliances Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92168
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-004378 // 
            
            
            
            CNNVD: CNNVD-201905-017

EXTERNAL IDS
db:NVDid:CVE-2019-1706
Trust: 2.8
db:BIDid:108144
Trust: 1.0
db:JVNDBid:JVNDB-2019-004378
Trust: 0.8
db:CNNVDid:CNNVD-201905-017
Trust: 0.7
db:AUSCERTid:ESB-2019.1519
Trust: 0.6
db:VULHUBid:VHN-149268
Trust: 0.1
sources:
            
            
            VULHUB: VHN-149268 // 
            
            
            
            BID: 108144 // 
            
            
            
            JVNDB: JVNDB-2019-004378 // 
            
            
            
            CNNVD: CNNVD-201905-017 // 
            
            
            
            NVD: CVE-2019-1706

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ipsec-dos
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1706
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1706
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-csrf
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-ipsec-29200
Trust: 0.6
url:https://www.auscert.org.au/bulletins/80114
Trust: 0.6
url:https://www.securityfocus.com/bid/108144
Trust: 0.6
sources:
            
            
            VULHUB: VHN-149268 // 
            
            
            
            BID: 108144 // 
            
            
            
            JVNDB: JVNDB-2019-004378 // 
            
            
            
            CNNVD: CNNVD-201905-017 // 
            
            
            
            NVD: CVE-2019-1706

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 108144 // 
            
            
            
            CNNVD: CNNVD-201905-017

SOURCES
db:VULHUBid:VHN-149268
db:BIDid:108144
db:JVNDBid:JVNDB-2019-004378
db:CNNVDid:CNNVD-201905-017
db:NVDid:CVE-2019-1706

LAST UPDATE DATE
2024-08-14T12:33:09.253000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-149268date:2019-10-09T00:00:00
db:BIDid:108144date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004378date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-017date:2021-11-02T00:00:00
db:NVDid:CVE-2019-1706date:2023-08-15T15:24:56.340

SOURCES RELEASE DATE
db:VULHUBid:VHN-149268date:2019-05-03T00:00:00
db:BIDid:108144date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004378date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-017date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1706date:2019-05-03T16:29:00.617