CVSS: 4.8EPSS: 0%CPEs: 19EXPL: 0CVE-2019-1701 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1701
Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities. • http://www.securityfocus.com/bid/108152 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2019-1697 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1697
A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted LDAP packet, using Basic Encoding Rules (BER), to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Una vulnerabilidad en la implementación de la función del Lightweight Directory Access Protocol (LDAP) en el software Cisco Adaptive Security Appliance (ASA) y en el software Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado provoque la recarga de un dispositivo afectado, lo que resulta en una Condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/108182 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftds-ldapdos • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 19EXPL: 0CVE-2019-1694 – Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1694
A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. Una vulnerabilidad en el TCP processing engine of Cisco Adaptive Security Appliance (ASA) el Programa y Cisco Firepower Threat Defense (FTD) El programa podría permitir que un atacante remoto no autenticado provoque la recarga de un dispositivo afectado, lo que provocaría una condición de denegación de servicio(DoS). • http://www.securityfocus.com/bid/108160 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-1695 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1695
A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry. • http://www.securityfocus.com/bid/108173 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypass • CWE-284: Improper Access Control •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2019-1693 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1693
A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. Una vulnerabilidad en el servicio WebVPN del software Cisco Adaptive Security Appliance (ASA) y del software Cisco Firepower Threat Defense (FTD) podía permitir a un atacante remoto, no autenticado, causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • http://www.securityfocus.com/bid/108157 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos • CWE-399: Resource Management Errors •