CVE-2019-1693
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition.
Affected (7)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.4.4.34 |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5505 | All versions |
Cisco Asa 5510 | All versions |
Cisco Asa 5512 X | All versions |
Cisco Asa 5515 X | All versions |
Cisco Asa 5520 | All versions |
Cisco Asa 5525 X | All versions |
Cisco Asa 5540 | All versions |
Cisco Asa 5545 X | All versions |
Cisco Asa 5550 | All versions |
Cisco Asa 5555 X | All versions |
Cisco Asa 5580 | All versions |
Cisco Asa 5585 X | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 6.2.1 to 6.2.3.12 |
Related CWEs
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.