ID

VAR-202009-0483


CVE

CVE-2019-16028


TITLE

Cisco Firepower Management Center  Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016046

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device. Cisco Firepower Management Center (FMC) Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. The following products and versions are affected: Cisco Firepower Management Center versions prior to 6.1.0 1, versions prior to 6.1.0, versions prior to 6.2.0 2, versions prior to 6.2.1 2, versions prior to 6.2.2 2, and versions prior to 6.2.3 , versions prior to 6.3.0, versions prior to 6.4.0, and versions prior to 6.5.0

Trust: 1.71

sources: NVD: CVE-2019-16028 // JVNDB: JVNDB-2019-016046 // VULHUB: VHN-148133

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:gteversion:6.3.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:ltversion:6.3.0.6

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:gteversion:6.4.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:ltversion:6.5.0.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:ltversion:6.2.3.16

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:ltversion:6.4.0.7

Trust: 1.0

vendor:シスコシステムズmodel:cisco firepower management centerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016046 // NVD: CVE-2019-16028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16028
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16028
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16028
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202001-1392
value: CRITICAL

Trust: 0.6

VULHUB: VHN-148133
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-16028
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148133
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-16028
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-16028
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148133 // JVNDB: JVNDB-2019-016046 // CNNVD: CNNVD-202001-1392 // NVD: CVE-2019-16028 // NVD: CVE-2019-16028

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-148133 // JVNDB: JVNDB-2019-016046 // NVD: CVE-2019-16028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1392

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-1392

PATCH

title:cisco-sa-20200122-fmc-authurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth

Trust: 0.8

title:Cisco Firepower Management Center Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107735

Trust: 0.6

sources: JVNDB: JVNDB-2019-016046 // CNNVD: CNNVD-202001-1392

EXTERNAL IDS

db:NVDid:CVE-2019-16028

Trust: 2.5

db:JVNDBid:JVNDB-2019-016046

Trust: 0.8

db:CNNVDid:CNNVD-202001-1392

Trust: 0.7

db:AUSCERTid:ESB-2020.0242

Trust: 0.6

db:VULHUBid:VHN-148133

Trust: 0.1

sources: VULHUB: VHN-148133 // JVNDB: JVNDB-2019-016046 // CNNVD: CNNVD-202001-1392 // NVD: CVE-2019-16028

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200122-fmc-auth

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16028

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0242/

Trust: 0.6

sources: VULHUB: VHN-148133 // JVNDB: JVNDB-2019-016046 // CNNVD: CNNVD-202001-1392 // NVD: CVE-2019-16028

SOURCES

db:VULHUBid:VHN-148133
db:JVNDBid:JVNDB-2019-016046
db:CNNVDid:CNNVD-202001-1392
db:NVDid:CVE-2019-16028

LAST UPDATE DATE

2024-08-14T15:01:43+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-148133date:2020-10-07T00:00:00
db:JVNDBid:JVNDB-2019-016046date:2021-04-19T07:59:00
db:CNNVDid:CNNVD-202001-1392date:2020-10-09T00:00:00
db:NVDid:CVE-2019-16028date:2020-10-07T11:01:17.320

SOURCES RELEASE DATE

db:VULHUBid:VHN-148133date:2020-09-23T00:00:00
db:JVNDBid:JVNDB-2019-016046date:2021-04-19T00:00:00
db:CNNVDid:CNNVD-202001-1392date:2020-01-22T00:00:00
db:NVDid:CVE-2019-16028date:2020-09-23T01:15:14.207