ID

VAR-201908-0852


CVE

CVE-2019-1945


TITLE

Cisco Adaptive Security Appliance Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007653

DESCRIPTION

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. Cisco Adaptive Security Appliance (ASA) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platform of American Cisco (Cisco). The platform provides features such as highly secure access to data and network resources. An input validation error vulnerability exists in the smart tunnel feature in Cisco ASA Software. A local attacker can exploit this vulnerability by creating malicious system files and writing them to the file system to overwrite system files and execute malicious binary files

Trust: 1.71

sources: NVD: CVE-2019-1945 // JVNDB: JVNDB-2019-007653 // VULHUB: VHN-151897

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.4.4.37

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007653 // NVD: CVE-2019-1945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1945
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1945
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1945
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-541
value: HIGH

Trust: 0.6

VULHUB: VHN-151897
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1945
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151897
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1945
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1945
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541 // NVD: CVE-2019-1945 // NVD: CVE-2019-1945

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // NVD: CVE-2019-1945

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-541

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-541

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007653

PATCH

title:cisco-sa-20190807-asa-multiurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-multi

Trust: 0.8

title:Cisco Adaptive Security Appliance Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96238

Trust: 0.6

sources: JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541

EXTERNAL IDS

db:NVDid:CVE-2019-1945

Trust: 2.5

db:JVNDBid:JVNDB-2019-007653

Trust: 0.8

db:CNNVDid:CNNVD-201908-541

Trust: 0.7

db:AUSCERTid:ESB-2019.2988

Trust: 0.6

db:VULHUBid:VHN-151897

Trust: 0.1

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541 // NVD: CVE-2019-1945

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-multi

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1945

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1945

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-privescala

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2988/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-privilege-escalation-via-smart-tunnel-29977

Trust: 0.6

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541 // NVD: CVE-2019-1945

SOURCES

db:VULHUBid:VHN-151897
db:JVNDBid:JVNDB-2019-007653
db:CNNVDid:CNNVD-201908-541
db:NVDid:CVE-2019-1945

LAST UPDATE DATE

2024-08-14T14:04:18.705000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-151897date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-007653date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-541date:2019-09-04T00:00:00
db:NVDid:CVE-2019-1945date:2019-10-09T23:48:38.567

SOURCES RELEASE DATE

db:VULHUBid:VHN-151897date:2019-08-07T00:00:00
db:JVNDBid:JVNDB-2019-007653date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-541date:2019-08-07T00:00:00
db:NVDid:CVE-2019-1945date:2019-08-07T22:15:15.993