ID

VAR-201908-0543


CVE

CVE-2019-1934


TITLE

Cisco Adaptive Security Appliance Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007659

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. Cisco Adaptive Security Appliance (ASA) contains an authorization vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Cisco Adaptive Security Appliance Software (ASA Software) is a firewall and network security platform from the American company Cisco. The platform provides features such as highly secure access to data and network resources. There is an authorization vulnerability in Cisco ASA Software 8.2 and later versions.

Trust: 1.71

sources: NVD: CVE-2019-1934 // JVNDB: JVNDB-2019-007659 // VULHUB: VHN-151776

AFFECTED PRODUCTS

vendor: cisco, model: adaptive security appliance software, scope: lte, version: 8.2

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007659 // NVD: CVE-2019-1934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1934
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1934
value: HIGH

Trust: 1.0

NVD: CVE-2019-1934
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-546
value: HIGH

Trust: 0.6

VULHUB: VHN-151776
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1934
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151776
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1934
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1934
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546 // NVD: CVE-2019-1934 // NVD: CVE-2019-1934

PROBLEMTYPE DATA

problemtype: CWE-285

Trust: 1.9

problemtype: NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // NVD: CVE-2019-1934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-546

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-546

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007659

PATCH

title: cisco-sa-20190807-asa-privescala, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala

Trust: 0.8

title: Cisco Adaptive Security Appliance Software Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96243

Trust: 0.6

sources: JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546

EXTERNAL IDS

db: NVD, id: CVE-2019-1934

Trust: 2.5

db: JVNDB, id: JVNDB-2019-007659

Trust: 0.8

db: CNNVD, id: CNNVD-201908-546

Trust: 0.7

db: AUSCERT, id: ESB-2019.2988

Trust: 0.6

db: VULHUB, id: VHN-151776

Trust: 0.1

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546 // NVD: CVE-2019-1934

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-privescala

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-1934

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1934

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-multi

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.2988/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-asa-privilege-escalation-via-web-based-management-interface-29978

Trust: 0.6

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546 // NVD: CVE-2019-1934

CREDITS

Qian Chen of the Qihoo 360 Nirvan Team.

Trust: 0.6

sources: CNNVD: CNNVD-201908-546

SOURCES

db: VULHUB, id: VHN-151776
db: JVNDB, id: JVNDB-2019-007659
db: CNNVD, id: CNNVD-201908-546
db: NVD, id: CVE-2019-1934

LAST UPDATE DATE

2024-08-14T14:04:18.732000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151776, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-007659, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-546, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2019-1934, date: 2023-08-11T19:03:30.373

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151776, date: 2019-08-07T00:00:00
db: JVNDB, id: JVNDB-2019-007659, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-546, date: 2019-08-07T00:00:00
db: NVD, id: CVE-2019-1934, date: 2019-08-07T22:15:15.837