CVSS: 8.6EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12673 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12673
A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. Una vulnerabilidad en el motor de inspección FTP del Software Cisco Adaptive Security (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1945 – Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1945
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. Múltiples vulnerabilidades en la funcionalidad de smart tunnel de Adaptive Security Appliance (ASA) de Cisco, podrían permitir a un atacante local autenticado elevar los privilegios al usuario root o cargar un archivo de biblioteca malicioso mientras el túnel está siendo establecido. Para más información sobre estas vulnerabilidades, consulte la sección de Detalles de este aviso de seguridad. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-multi • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1934 – Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1934
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. Una vulnerabilidad en la interfaz de administración basada en web del software Adaptive Security Appliance (ASA) de Cisco, podría permitir a un atacante remoto autenticado elevar los privilegios y ejecutar funciones administrativas en un dispositivo afectado. La vulnerabilidad es debido a una comprobación de autorización insuficiente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala • CWE-285: Improper Authorization •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1944 – Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1944
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. Múltiples vulnerabilidades en la funcionalidad de smart tunnel de Adaptive Security Appliance (ASA) de Cisco, podrían permitir a un atacante local autenticado elevar los privilegios al usuario root o cargar un archivo de biblioteca malicioso mientras el túnel está siendo establecido. Para más información sobre estas vulnerabilidades, consulte la sección de Detalles de este aviso de seguridad. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-multi • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-1713 – Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1713
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •