CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2019-12698 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12698
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device. Una vulnerabilidad en la funcionalidad WebVPN del Software Cisco Adaptive Security Appliance (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante remoto no autenticado causar una mayor utilización de la CPU en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-dos • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-12697 – Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12697
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower System Software Detection Engine, podrían permitir a un atacante remoto no autenticado omitir las Políticas de Malware y Archivos configuradas para los tipos de archivos RTF y RAR. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-12696 – Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12696
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower System Software Detection Engine, podrían permitir a un atacante remoto no autenticado omitir las Políticas de Malware y Archivos configuradas para los tipos de archivos RTF y RAR. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass • CWE-693: Protection Mechanism Failure •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2019-12695 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-12695
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Una vulnerabilidad en el portal Clientless SSL VPN (WebVPN) de Cisco Adaptive Security Appliance (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante remoto no autenticado realizar un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12694 – Cisco Firepower Threat Defense Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12694
A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Una vulnerabilidad en la interfaz de línea de comando (CLI) del Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante local autenticado con privilegios administrativos ejecutar comandos sobre el sistema operativo subyacente con privilegios de root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-cmdinj • CWE-20: Improper Input Validation •