ID

VAR-201907-0238


CVE

CVE-2019-1873


TITLE

Cisco Adaptive Security Appliance and Firepower Threat Defense Software depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006519

DESCRIPTION

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability. Cisco ASA Software and FTD Software are prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvp36425. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources

Trust: 1.98

sources: NVD: CVE-2019-1873 // JVNDB: JVNDB-2019-006519 // BID: 109123 // VULHUB: VHN-151105

AFFECTED PRODUCTS

vendor: cisco // model: asa 5516-x // scope: eq // version: 9.6(4.16)

Trust: 1.0

vendor: cisco // model: asa 5516-x // scope: eq // version: 9.8(3.8)

Trust: 1.0

vendor: cisco // model: asa 5506h-x // scope: eq // version: 9.6(4.16)

Trust: 1.0

vendor: cisco // model: asa 5506h-x // scope: eq // version: 9.8(3.8)

Trust: 1.0

vendor: cisco // model: asa 5506-x // scope: eq // version: 9.8(3.8)

Trust: 1.0

vendor: cisco // model: asa 5506w-x // scope: eq // version: 9.6(4.16)

Trust: 1.0

vendor: cisco // model: asa 5506w-x // scope: eq // version: 9.8(3.8)

Trust: 1.0

vendor: cisco // model: asa 5508-x // scope: eq // version: 9.6(4.16)

Trust: 1.0

vendor: cisco // model: asa 5508-x // scope: eq // version: 9.8(3.8)

Trust: 1.0

vendor: cisco // model: asa 5506-x // scope: eq // version: 9.6(4.16)

Trust: 1.0

vendor: cisco // model: asa 5506-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5506h-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5506w-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5508-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: asa 5516-x // scope: - // version: -

Trust: 0.8

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2.3

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2.2

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2.1

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.2

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.1

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.4

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.3

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.0.1(1)

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: eq // version: 6.0(1)

Trust: 0.3

vendor: cisco // model: asa5506h-x // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: asa5506-x // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: asa with firepower services // scope: eq // version: 5516-x0

Trust: 0.3

vendor: cisco // model: asa with firepower services // scope: eq // version: 5508-x0

Trust: 0.3

vendor: cisco // model: asa 5506w-x w/ firepower services // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: asa 5506h-x with firepower services // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: asa with firepower services // scope: eq // version: 5506-x0

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.4

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.3

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.2

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.0

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.9

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.8

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.7(1)

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.6

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.5(1)

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.12

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.10

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: eq // version: 9.1

Trust: 0.3

vendor: cisco // model: adaptive security appliance // scope: eq // version: 5516-x

Trust: 0.3

vendor: cisco // model: adaptive security appliance // scope: eq // version: 5508-x

Trust: 0.3

vendor: cisco // model: adaptive security appliance 5506w-x // scope: - // version: -

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: ne // version: 6.4.0.2

Trust: 0.3

vendor: cisco // model: firepower threat defense software // scope: ne // version: 6.2.3.13

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.12.2

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.9.2.52

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.8.4.3

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.6.4.29

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.4.4.36

Trust: 0.3

vendor: cisco // model: adaptive security appliance software // scope: ne // version: 9.10.1.22

Trust: 0.3

sources: BID: 109123 // JVNDB: JVNDB-2019-006519 // NVD: CVE-2019-1873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1873
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1873
value: HIGH

Trust: 1.0

NVD: CVE-2019-1873
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-581
value: HIGH

Trust: 0.6

VULHUB: VHN-151105
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1873
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151105
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1873
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1873
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1873
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151105 // JVNDB: JVNDB-2019-006519 // CNNVD: CNNVD-201907-581 // NVD: CVE-2019-1873 // NVD: CVE-2019-1873

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-151105 // JVNDB: JVNDB-2019-006519 // NVD: CVE-2019-1873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-581

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-581

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006519

PATCH

title: cisco-sa-20190710-asa-ftd-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Trust: 0.8

sources: JVNDB: JVNDB-2019-006519

EXTERNAL IDS

db: NVD // id: CVE-2019-1873

Trust: 2.8

db: BID // id: 109123

Trust: 2.0

db: JVNDB // id: JVNDB-2019-006519

Trust: 0.8

db: CNNVD // id: CNNVD-201907-581

Trust: 0.7

db: AUSCERT // id: ESB-2019.2546

Trust: 0.6

db: CNVD // id: CNVD-2020-29600

Trust: 0.1

db: VULHUB // id: VHN-151105

Trust: 0.1

sources: VULHUB: VHN-151105 // BID: 109123 // JVNDB: JVNDB-2019-006519 // CNNVD: CNNVD-201907-581 // NVD: CVE-2019-1873

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190710-asa-ftd-dos

Trust: 2.0

url:http://www.securityfocus.com/bid/109123

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1873

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1873

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2546/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-tls-ssl-driver-29739

Trust: 0.6

sources: VULHUB: VHN-151105 // BID: 109123 // JVNDB: JVNDB-2019-006519 // CNNVD: CNNVD-201907-581 // NVD: CVE-2019-1873

CREDITS

Cisco

Trust: 0.9

sources: BID: 109123 // CNNVD: CNNVD-201907-581

SOURCES

db: VULHUB // id: VHN-151105
db: BID // id: 109123
db: JVNDB // id: JVNDB-2019-006519
db: CNNVD // id: CNNVD-201907-581
db: NVD // id: CVE-2019-1873

LAST UPDATE DATE

2024-11-23T22:30:00.615000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-151105 // date: 2020-10-16T00:00:00
db: BID // id: 109123 // date: 2019-07-10T00:00:00
db: JVNDB // id: JVNDB-2019-006519 // date: 2019-07-23T00:00:00
db: CNNVD // id: CNNVD-201907-581 // date: 2020-10-21T00:00:00
db: NVD // id: CVE-2019-1873 // date: 2024-11-21T04:37:35.247

SOURCES RELEASE DATE

db: VULHUB // id: VHN-151105 // date: 2019-07-10T00:00:00
db: BID // id: 109123 // date: 2019-07-10T00:00:00
db: JVNDB // id: JVNDB-2019-006519 // date: 2019-07-23T00:00:00
db: CNNVD // id: CNNVD-201907-581 // date: 2019-07-10T00:00:00
db: NVD // id: CVE-2019-1873 // date: 2019-07-10T18:15:11.003