ID

VAR-201910-0330


CVE

CVE-2019-12676


TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010494

DESCRIPTION

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. \. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources

Trust: 1.71

sources: NVD: CVE-2019-12676 // JVNDB: JVNDB-2019-010494 // VULHUB: VHN-144446

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliancescope:ltversion:9.6.4.34

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.4.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.10

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.10.1.27

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.9.2.59

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.2.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.12

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.8.4.8

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.9

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010494 // NVD: CVE-2019-12676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12676
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12676
value: HIGH

Trust: 1.0

NVD: CVE-2019-12676
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-061
value: HIGH

Trust: 0.6

VULHUB: VHN-144446
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-12676
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144446
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12676
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12676
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061 // NVD: CVE-2019-12676 // NVD: CVE-2019-12676

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // NVD: CVE-2019-12676

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-061

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010494

PATCH

title:cisco-sa-20191002-asa-ospf-lsa-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos

Trust: 0.8

title:Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98798

Trust: 0.6

sources: JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061

EXTERNAL IDS

db:NVDid:CVE-2019-12676

Trust: 2.5

db:JVNDBid:JVNDB-2019-010494

Trust: 0.8

db:CNNVDid:CNNVD-201910-061

Trust: 0.7

db:AUSCERTid:ESB-2019.3698

Trust: 0.6

db:AUSCERTid:ESB-2019.3698.3

Trust: 0.6

db:VULHUBid:VHN-144446

Trust: 0.1

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061 // NVD: CVE-2019-12676

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ospf-lsa-dos

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12676

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12676

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-sip-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-ikev1-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-scp-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ssl-vpn-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3698.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3698/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-ospf-lsa-processing-30508

Trust: 0.6

sources: VULHUB: VHN-144446 // JVNDB: JVNDB-2019-010494 // CNNVD: CNNVD-201910-061 // NVD: CVE-2019-12676

SOURCES

db:VULHUBid:VHN-144446
db:JVNDBid:JVNDB-2019-010494
db:CNNVDid:CNNVD-201910-061
db:NVDid:CVE-2019-12676

LAST UPDATE DATE

2024-08-14T13:25:34.588000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144446date:2020-10-08T00:00:00
db:JVNDBid:JVNDB-2019-010494date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-061date:2020-10-09T00:00:00
db:NVDid:CVE-2019-12676date:2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:VULHUBid:VHN-144446date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010494date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-061date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12676date:2019-10-02T19:15:12.263