ID

VAR-201905-1319


CVE

CVE-2019-1706


TITLE

Cisco Adaptive Security Appliance Software improper resource shutdown and release vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004378

DESCRIPTION

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. This issue is being tracked by Cisco Bug ID CSCvk66732. Firepower 2100 Series is a 2100 series firewall appliance. ASA Software is one of those firewall and network security platforms. The platform provides features such as highly secure access to data and network resources

Trust: 1.98

sources: NVD: CVE-2019-1706 // JVNDB: JVNDB-2019-004378 // BID: 108144 // VULHUB: VHN-149268

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:9.9.2.50

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.9

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower seriesscope:eqversion:21000

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x9.9(2.19)

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x101.5(1.71)

Trust: 0.3

vendor:ciscomodel:asa series firewallsscope:eqversion:5500-x101.5(1.66)

Trust: 0.3

vendor:ciscomodel:adaptive security virtual appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.9.2.18

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.9

Trust: 0.3

sources: BID: 108144 // JVNDB: JVNDB-2019-004378 // NVD: CVE-2019-1706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1706
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1706
value: HIGH

Trust: 1.0

NVD: CVE-2019-1706
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-017
value: HIGH

Trust: 0.6

VULHUB: VHN-149268
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1706
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149268
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1706
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1706
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149268 // JVNDB: JVNDB-2019-004378 // CNNVD: CNNVD-201905-017 // NVD: CVE-2019-1706 // NVD: CVE-2019-1706

PROBLEMTYPE DATA

problemtype:CWE-404

Trust: 1.9

problemtype:CWE-327

Trust: 1.0

sources: VULHUB: VHN-149268 // JVNDB: JVNDB-2019-004378 // NVD: CVE-2019-1706

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-017

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-017

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004378

PATCH

title:cisco-sa-20190501-asa-ipsec-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-dos

Trust: 0.8

title:Cisco Adaptive Security Appliances Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92168

Trust: 0.6

sources: JVNDB: JVNDB-2019-004378 // CNNVD: CNNVD-201905-017

EXTERNAL IDS

db:NVDid:CVE-2019-1706

Trust: 2.8

db:BIDid:108144

Trust: 1.0

db:JVNDBid:JVNDB-2019-004378

Trust: 0.8

db:CNNVDid:CNNVD-201905-017

Trust: 0.7

db:AUSCERTid:ESB-2019.1519

Trust: 0.6

db:VULHUBid:VHN-149268

Trust: 0.1

sources: VULHUB: VHN-149268 // BID: 108144 // JVNDB: JVNDB-2019-004378 // CNNVD: CNNVD-201905-017 // NVD: CVE-2019-1706

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-ipsec-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1706

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1706

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-asa-csrf

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-ipsec-29200

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80114

Trust: 0.6

url:https://www.securityfocus.com/bid/108144

Trust: 0.6

sources: VULHUB: VHN-149268 // BID: 108144 // JVNDB: JVNDB-2019-004378 // CNNVD: CNNVD-201905-017 // NVD: CVE-2019-1706

CREDITS

Cisco

Trust: 0.9

sources: BID: 108144 // CNNVD: CNNVD-201905-017

SOURCES

db:VULHUBid:VHN-149268
db:BIDid:108144
db:JVNDBid:JVNDB-2019-004378
db:CNNVDid:CNNVD-201905-017
db:NVDid:CVE-2019-1706

LAST UPDATE DATE

2024-08-14T12:33:09.253000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149268date:2019-10-09T00:00:00
db:BIDid:108144date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004378date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-017date:2021-11-02T00:00:00
db:NVDid:CVE-2019-1706date:2023-08-15T15:24:56.340

SOURCES RELEASE DATE

db:VULHUBid:VHN-149268date:2019-05-03T00:00:00
db:BIDid:108144date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004378date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-017date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1706date:2019-05-03T16:29:00.617