CVE-2019-12693
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 / Impact: 3.6
Source: NVD
Description
A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.
Affected (5)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.6.4.30 | |
| From 9.10 to 9.10.1.22 |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5505 | All versions |
Cisco Asa 5510 | All versions |
Cisco Asa 5512 X | All versions |
Cisco Asa 5515 X | All versions |
Cisco Asa 5520 | All versions |
Cisco Asa 5525 X | All versions |
Cisco Asa 5550 | All versions |
Cisco Asa 5555 X | All versions |
Cisco Asa 5580 | All versions |
Cisco Asa 5585 X | All versions |
Related CWEs
CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can
produce an integer overflow or wraparound when the logic
assumes that the resulting value will always be larger than
the original value. This occurs when an integer value is
incremented to a value that is too large to store in the
associated representation. When this occurs, the value may
become a very small or negative number.
CWE-704
Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.