ID

VAR-201910-0972


CVE

CVE-2019-15256


TITLE

Cisco Adaptive Security Appliance and Firepower Threat Defense Software depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010441

DESCRIPTION

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources. system memory

Trust: 1.71

sources: NVD: CVE-2019-15256 // JVNDB: JVNDB-2019-010441 // VULHUB: VHN-147284

AFFECTED PRODUCTS

vendor:ciscomodel:asa 5550scope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.2.5

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.2.0

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:asa 5550scope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.9.2.47

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.10

Trust: 1.0

vendor:ciscomodel:asa 5520scope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.10.1.30

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.2.3.11

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.12

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:asa 5520scope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:asa 5510scope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:asa 5510scope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.9

Trust: 1.0

vendor:ciscomodel:asa 5540scope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:asa 5540scope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.2

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.3.0

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.8.4.10

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:9.9\(2.4\)

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:201.4\(1.21\)

Trust: 1.0

vendor:ciscomodel:asa 5505scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5510scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5512-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5515-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5520scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5525-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5540scope: - version: -

Trust: 0.8

vendor:ciscomodel:asa 5545-xscope: - version: -

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.921

Trust: 0.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.10

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.0

Trust: 0.6

vendor:ciscomodel:asa 5510scope:eqversion: -

Trust: 0.6

vendor:ciscomodel:asa 5510scope:eqversion:201.41.21

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.0.3

Trust: 0.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.10.1.7

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.0.1

Trust: 0.6

vendor:ciscomodel:asa 5512-xscope:eqversion:9.92.4

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.0.2

Trust: 0.6

sources: JVNDB: JVNDB-2019-010441 // CNNVD: CNNVD-201910-070 // NVD: CVE-2019-15256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15256
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15256
value: HIGH

Trust: 1.0

NVD: CVE-2019-15256
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-070
value: HIGH

Trust: 0.6

VULHUB: VHN-147284
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15256
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147284
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15256
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15256
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-147284 // JVNDB: JVNDB-2019-010441 // CNNVD: CNNVD-201910-070 // NVD: CVE-2019-15256 // NVD: CVE-2019-15256

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-399

Trust: 1.0

sources: VULHUB: VHN-147284 // JVNDB: JVNDB-2019-010441 // NVD: CVE-2019-15256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-070

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201910-070

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010441

PATCH

title:cisco-sa-20191002-asa-ftd-ikev1-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos

Trust: 0.8

title:Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98806

Trust: 0.6

sources: JVNDB: JVNDB-2019-010441 // CNNVD: CNNVD-201910-070

EXTERNAL IDS

db:NVDid:CVE-2019-15256

Trust: 2.5

db:JVNDBid:JVNDB-2019-010441

Trust: 0.8

db:CNNVDid:CNNVD-201910-070

Trust: 0.7

db:AUSCERTid:ESB-2019.3698

Trust: 0.6

db:AUSCERTid:ESB-2019.3698.3

Trust: 0.6

db:VULHUBid:VHN-147284

Trust: 0.1

sources: VULHUB: VHN-147284 // JVNDB: JVNDB-2019-010441 // CNNVD: CNNVD-201910-070 // NVD: CVE-2019-15256

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-asa-ftd-ikev1-dos

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-15256

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15256

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3698.3/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-ikev1-30506

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3698/

Trust: 0.6

sources: VULHUB: VHN-147284 // JVNDB: JVNDB-2019-010441 // CNNVD: CNNVD-201910-070 // NVD: CVE-2019-15256

SOURCES

db:VULHUBid:VHN-147284
db:JVNDBid:JVNDB-2019-010441
db:CNNVDid:CNNVD-201910-070
db:NVDid:CVE-2019-15256

LAST UPDATE DATE

2024-08-14T13:25:34.509000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-147284date:2019-10-10T00:00:00
db:JVNDBid:JVNDB-2019-010441date:2019-10-15T00:00:00
db:CNNVDid:CNNVD-201910-070date:2019-10-25T00:00:00
db:NVDid:CVE-2019-15256date:2023-08-15T15:24:56.340

SOURCES RELEASE DATE

db:VULHUBid:VHN-147284date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010441date:2019-10-15T00:00:00
db:CNNVDid:CNNVD-201910-070date:2019-10-02T00:00:00
db:NVDid:CVE-2019-15256date:2019-10-02T19:15:15.217