Details of VAR-201910-0330

ID

VAR-201910-0330

CVE

CVE-2019-12676

TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010494

DESCRIPTION

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. \. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources

Trust: 1.71

sources: NVD: CVE-2019-12676 // JVNDB: JVNDB-2019-010494 // VULHUB: VHN-144446

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.3.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	9.6.4.34	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.27	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.59	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-010494 // NVD: CVE-2019-12676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12676
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12676
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12676
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-061
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144446
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-12676
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144446
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-12676
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-12676
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061 // NVD: CVE-2019-12676 // NVD: CVE-2019-12676

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // NVD: CVE-2019-12676

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-061

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010494

PATCH

title:	cisco-sa-20191002-asa-ospf-lsa-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos	Trust: 0.8
title:	Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98798	Trust: 0.6

sources: JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12676	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010494	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-061	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3698	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3698.3	Trust: 0.6
db:	VULHUB	id:	VHN-144446	Trust: 0.1

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061 // NVD: CVE-2019-12676

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ospf-lsa-dos	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12676	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12676	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-sip-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-ikev1-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-scp-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ssl-vpn-dos	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3698.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3698/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-ospf-lsa-processing-30508	Trust: 0.6

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061 // NVD: CVE-2019-12676

SOURCES

db:	VULHUB	id:	VHN-144446
db:	JVNDB	id:	JVNDB-2019-010494
db:	CNNVD	id:	CNNVD-201910-061
db:	NVD	id:	CVE-2019-12676

LAST UPDATE DATE

2024-08-14T13:25:34.588000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144446	date:	2020-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-010494	date:	2019-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201910-061	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-12676	date:	2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144446	date:	2019-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-010494	date:	2019-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201910-061	date:	2019-10-02T00:00:00
db:	NVD	id:	CVE-2019-12676	date:	2019-10-02T19:15:12.263