Details of VAR-201908-0852

ID

VAR-201908-0852

CVE

CVE-2019-1945

TITLE

Cisco Adaptive Security Appliance Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007653

DESCRIPTION

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. Cisco Adaptive Security Appliance (ASA) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platform of American Cisco (Cisco). The platform provides features such as highly secure access to data and network resources. An input validation error vulnerability exists in the smart tunnel feature in Cisco ASA Software. A local attacker can exploit this vulnerability by creating malicious system files and writing them to the file system to overwrite system files and execute malicious binary files

Trust: 1.71

sources: NVD: CVE-2019-1945 // JVNDB: JVNDB-2019-007653 // VULHUB: VHN-151897

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.4.4.37	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-007653 // NVD: CVE-2019-1945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1945
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1945
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1945
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-541
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151897
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1945
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151897
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1945
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1945
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541 // NVD: CVE-2019-1945 // NVD: CVE-2019-1945

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // NVD: CVE-2019-1945

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-541

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-541

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007653

PATCH

title:	cisco-sa-20190807-asa-multi	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-multi	Trust: 0.8
title:	Cisco Adaptive Security Appliance Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96238	Trust: 0.6

sources: JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1945	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007653	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-541	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2988	Trust: 0.6
db:	VULHUB	id:	VHN-151897	Trust: 0.1

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541 // NVD: CVE-2019-1945

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-multi	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1945	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1945	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-privescala	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2988/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-privilege-escalation-via-smart-tunnel-29977	Trust: 0.6

sources: VULHUB: VHN-151897 // JVNDB: JVNDB-2019-007653 // CNNVD: CNNVD-201908-541 // NVD: CVE-2019-1945

SOURCES

db:	VULHUB	id:	VHN-151897
db:	JVNDB	id:	JVNDB-2019-007653
db:	CNNVD	id:	CNNVD-201908-541
db:	NVD	id:	CVE-2019-1945

LAST UPDATE DATE

2024-08-14T14:04:18.705000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151897	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-007653	date:	2019-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201908-541	date:	2019-09-04T00:00:00
db:	NVD	id:	CVE-2019-1945	date:	2019-10-09T23:48:38.567

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151897	date:	2019-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-007653	date:	2019-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201908-541	date:	2019-08-07T00:00:00
db:	NVD	id:	CVE-2019-1945	date:	2019-08-07T22:15:15.993