ID

VAR-201910-0332


CVE

CVE-2019-12678


TITLE

Cisco Adaptive Security Appliance and Firepower Threat Defense Software integer underflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010355

DESCRIPTION

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources

Trust: 1.71

sources: NVD: CVE-2019-12678 // JVNDB: JVNDB-2019-010355 // VULHUB: VHN-144448

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.8.4.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.5

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliancescope:ltversion:9.4.4.37

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.4.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.10

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.10.1.27

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.2.1

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.2.3.15

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.12

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.3.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.6.4.34

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.9.2.56

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.9

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.2

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.6

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.4.2.11

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.1.7.4

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.2.4.8

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.4

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.3

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.5.2.5

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.5

Trust: 0.6

vendor:ciscomodel:adaptive security appliancescope:eqversion:9.3.3.9

Trust: 0.6

sources: JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12678
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12678
value: HIGH

Trust: 1.0

NVD: CVE-2019-12678
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-062
value: HIGH

Trust: 0.6

VULHUB: VHN-144448
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12678
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144448
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12678
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12678
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12678
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678 // NVD: CVE-2019-12678

PROBLEMTYPE DATA

problemtype:CWE-191

Trust: 1.9

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // NVD: CVE-2019-12678

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-062

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201910-062

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010355

PATCH

title:cisco-sa-20191002-asa-ftd-sip-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos

Trust: 0.8

title:Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Fixes for digital error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98799

Trust: 0.6

sources: JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062

EXTERNAL IDS

db:NVDid:CVE-2019-12678

Trust: 2.5

db:JVNDBid:JVNDB-2019-010355

Trust: 0.8

db:CNNVDid:CNNVD-201910-062

Trust: 0.7

db:AUSCERTid:ESB-2019.3698

Trust: 0.6

db:AUSCERTid:ESB-2019.3698.3

Trust: 0.6

db:VULHUBid:VHN-144448

Trust: 0.1

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-sip-dos

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12678

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12678

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3698.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3698/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-sip-inspection-30507

Trust: 0.6

sources: VULHUB: VHN-144448 // JVNDB: JVNDB-2019-010355 // CNNVD: CNNVD-201910-062 // NVD: CVE-2019-12678

SOURCES

db:VULHUBid:VHN-144448
db:JVNDBid:JVNDB-2019-010355
db:CNNVDid:CNNVD-201910-062
db:NVDid:CVE-2019-12678

LAST UPDATE DATE

2024-08-14T13:25:34.477000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144448date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010355date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-062date:2019-10-25T00:00:00
db:NVDid:CVE-2019-12678date:2023-08-16T16:17:07.960

SOURCES RELEASE DATE

db:VULHUBid:VHN-144448date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010355date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-062date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12678date:2019-10-02T19:15:12.390