Details of VAR-201907-0238

ID

VAR-201907-0238

CVE

CVE-2019-1873

TITLE

Cisco Adaptive Security Appliance and Firepower Threat Defense Software depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006519

DESCRIPTION

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability. Cisco ASA Software and FTD Software are prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvp36425. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources

Trust: 1.98

sources: NVD: CVE-2019-1873 // JVNDB: JVNDB-2019-006519 // BID: 109123 // VULHUB: VHN-151105

AFFECTED PRODUCTS

vendor:	cisco	model:	asa 5516-x	scope:	eq	version:	9.6\(4.16\)	Trust: 1.0
vendor:	cisco	model:	asa 5508-x	scope:	eq	version:	9.6\(4.16\)	Trust: 1.0
vendor:	cisco	model:	asa 5506w-x	scope:	eq	version:	9.8\(3.8\)	Trust: 1.0
vendor:	cisco	model:	asa 5506-x	scope:	eq	version:	9.8\(3.8\)	Trust: 1.0
vendor:	cisco	model:	asa 5506h-x	scope:	eq	version:	9.8\(3.8\)	Trust: 1.0
vendor:	cisco	model:	asa 5506w-x	scope:	eq	version:	9.6\(4.16\)	Trust: 1.0
vendor:	cisco	model:	asa 5516-x	scope:	eq	version:	9.8\(3.8\)	Trust: 1.0
vendor:	cisco	model:	asa 5506-x	scope:	eq	version:	9.6\(4.16\)	Trust: 1.0
vendor:	cisco	model:	asa 5508-x	scope:	eq	version:	9.8\(3.8\)	Trust: 1.0
vendor:	cisco	model:	asa 5506h-x	scope:	eq	version:	9.6\(4.16\)	Trust: 1.0
vendor:	cisco	model:	asa 5506-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5506h-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5506w-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5508-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asa 5516-x	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.4	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.0.1(1)	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.0(1)	Trust: 0.3
vendor:	cisco	model:	asa5506h-x	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asa5506-x	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asa with firepower services	scope:	eq	version:	5516-x0	Trust: 0.3
vendor:	cisco	model:	asa with firepower services	scope:	eq	version:	5508-x0	Trust: 0.3
vendor:	cisco	model:	asa 5506w-x w/ firepower services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asa 5506h-x with firepower services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asa with firepower services	scope:	eq	version:	5506-x0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.9	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.7(1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5(1)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.10	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	5516-x	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	5508-x	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance 5506w-x	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	ne	version:	6.4.0.2	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	ne	version:	6.2.3.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.12.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.9.2.52	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.8.4.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.6.4.29	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.4.4.36	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.10.1.22	Trust: 0.3

sources: BID: 109123 // JVNDB: JVNDB-2019-006519 // NVD: CVE-2019-1873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1873
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1873
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1873
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-581
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151105
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1873
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151105
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1873
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1873
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1873
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-151105 // JVNDB: JVNDB-2019-006519 // CNNVD: CNNVD-201907-581 // NVD: CVE-2019-1873 // NVD: CVE-2019-1873

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-151105 // JVNDB: JVNDB-2019-006519 // NVD: CVE-2019-1873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-581

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-581

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006519

PATCH

title:

cisco-sa-20190710-asa-ftd-dos

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Trust: 0.8

sources: JVNDB: JVNDB-2019-006519

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1873	Trust: 2.8
db:	BID	id:	109123	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-006519	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-581	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2546	Trust: 0.6
db:	CNVD	id:	CNVD-2020-29600	Trust: 0.1
db:	VULHUB	id:	VHN-151105	Trust: 0.1

sources: VULHUB: VHN-151105 // BID: 109123 // JVNDB: JVNDB-2019-006519 // CNNVD: CNNVD-201907-581 // NVD: CVE-2019-1873

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190710-asa-ftd-dos	Trust: 2.0
url:	http://www.securityfocus.com/bid/109123	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1873	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1873	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2546/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-tls-ssl-driver-29739	Trust: 0.6

sources: VULHUB: VHN-151105 // BID: 109123 // JVNDB: JVNDB-2019-006519 // CNNVD: CNNVD-201907-581 // NVD: CVE-2019-1873

CREDITS

Cisco

Trust: 0.9

sources: BID: 109123 // CNNVD: CNNVD-201907-581

SOURCES

db:	VULHUB	id:	VHN-151105
db:	BID	id:	109123
db:	JVNDB	id:	JVNDB-2019-006519
db:	CNNVD	id:	CNNVD-201907-581
db:	NVD	id:	CVE-2019-1873

LAST UPDATE DATE

2024-08-14T15:12:47.018000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151105	date:	2020-10-16T00:00:00
db:	BID	id:	109123	date:	2019-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-006519	date:	2019-07-23T00:00:00
db:	CNNVD	id:	CNNVD-201907-581	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-1873	date:	2020-10-16T15:11:28.727

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151105	date:	2019-07-10T00:00:00
db:	BID	id:	109123	date:	2019-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-006519	date:	2019-07-23T00:00:00
db:	CNNVD	id:	CNNVD-201907-581	date:	2019-07-10T00:00:00
db:	NVD	id:	CVE-2019-1873	date:	2019-07-10T18:15:11.003