Details of VAR-201908-0543

ID

VAR-201908-0543

CVE

CVE-2019-1934

TITLE

Cisco Adaptive Security Appliance Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007659

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. Cisco Adaptive Security Appliance (ASA) Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platform of American Cisco (Cisco). The platform provides features such as highly secure access to data and network resources. There is an authorization problem vulnerability in Cisco ASA Software 8.2 and later versions

Trust: 1.71

sources: NVD: CVE-2019-1934 // JVNDB: JVNDB-2019-007659 // VULHUB: VHN-151776

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	8.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-007659 // NVD: CVE-2019-1934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1934
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1934
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1934
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-546
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151776
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1934
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151776
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1934
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1934
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546 // NVD: CVE-2019-1934 // NVD: CVE-2019-1934

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.9
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // NVD: CVE-2019-1934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-546

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-546

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007659

PATCH

title:	cisco-sa-20190807-asa-privescala	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala	Trust: 0.8
title:	Cisco Adaptive Security Appliance Software Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96243	Trust: 0.6

sources: JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1934	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007659	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-546	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2988	Trust: 0.6
db:	VULHUB	id:	VHN-151776	Trust: 0.1

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546 // NVD: CVE-2019-1934

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-privescala	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1934	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1934	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-multi	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2988/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-privilege-escalation-via-web-based-management-interface-29978	Trust: 0.6

sources: VULHUB: VHN-151776 // JVNDB: JVNDB-2019-007659 // CNNVD: CNNVD-201908-546 // NVD: CVE-2019-1934

CREDITS

Qian Chen of the Qihoo 360 Nirvan Team .

Trust: 0.6

sources: CNNVD: CNNVD-201908-546

SOURCES

db:	VULHUB	id:	VHN-151776
db:	JVNDB	id:	JVNDB-2019-007659
db:	CNNVD	id:	CNNVD-201908-546
db:	NVD	id:	CVE-2019-1934

LAST UPDATE DATE

2024-08-14T14:04:18.732000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151776	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-007659	date:	2019-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201908-546	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-1934	date:	2023-08-11T19:03:30.373

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151776	date:	2019-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-007659	date:	2019-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201908-546	date:	2019-08-07T00:00:00
db:	NVD	id:	CVE-2019-1934	date:	2019-08-07T22:15:15.837