Details of VAR-201910-0332

ID

VAR-201910-0332

CVE

CVE-2019-12678

TITLE

Cisco Adaptive Security Appliance and Firepower Threat Defense Software integer underflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010355

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources

Trust: 1.71

sources: NVD: CVE-2019-12678 // JVNDB: JVNDB-2019-010355 // VULHUB: VHN-144448

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.3.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	9.4.4.37	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.10.1.27	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.2.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.3.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.6.4.34	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.56	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.2	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.6	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.4.2.11	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.1.7.4	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.2.4.8	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.4	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.3	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.5.2.5	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.5	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	9.3.3.9	Trust: 0.6

sources: JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12678
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12678
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12678
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-062
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144448
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-12678
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144448
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12678
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12678
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-12678
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678 // NVD: CVE-2019-12678

PROBLEMTYPE DATA

problemtype:

CWE-191

Trust: 1.9

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // NVD: CVE-2019-12678

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-062

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201910-062

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010355

PATCH

title:	cisco-sa-20191002-asa-ftd-sip-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos	Trust: 0.8
title:	Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Fixes for digital error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98799	Trust: 0.6

sources: JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12678	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010355	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-062	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3698	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3698.3	Trust: 0.6
db:	VULHUB	id:	VHN-144448	Trust: 0.1

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-sip-dos	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12678	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12678	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3698.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3698/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-sip-inspection-30507	Trust: 0.6

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678

SOURCES

db:	VULHUB	id:	VHN-144448
db:	JVNDB	id:	JVNDB-2019-010355
db:	CNNVD	id:	CNNVD-201910-062
db:	NVD	id:	CVE-2019-12678

LAST UPDATE DATE

2024-08-14T13:25:34.477000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144448	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-010355	date:	2019-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201910-062	date:	2019-10-25T00:00:00
db:	NVD	id:	CVE-2019-12678	date:	2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144448	date:	2019-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-010355	date:	2019-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201910-062	date:	2019-10-02T00:00:00
db:	NVD	id:	CVE-2019-12678	date:	2019-10-02T19:15:12.390