CVE-2019-1715
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.
Una vulnerabilidad en el Deterministic Random Bit Generator (DRBG), conocido como Pseudorandom Number Generator (PRNG), utilizado en los programas Adaptive Security Appliance (ASA) y Firepower Threat Defense (FTD) de Cisco, podría permitir que un atacante remoto no identificado genere una colisión criptográfica, que permite al atacante descubrir la clave privada de un dispositivo afectado. La vulnerabilidad se debe a una entropía insuficiente en la DRBG al generar claves criptográficas. Un atacante podría atacar esta vulnerabilidad al generar una gran cantidad de claves criptográficas en un dispositivo afectado y provocar colisiones con los dispositivos de destino. Una operación exito podría permitir al atacante hacerse pasar por un dispositivo de destino afectado o descifrar el tráfico protegido por una clave afectada que se envía desde un dispositivo de destino afectado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-05-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-332: Insufficient Entropy in PRNG
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506-x Search vendor "Cisco" for product "Asa-5506-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506h-x Search vendor "Cisco" for product "Asa-5506h-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506w-x Search vendor "Cisco" for product "Asa-5506w-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5508-x Search vendor "Cisco" for product "Asa-5508-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5516-x Search vendor "Cisco" for product "Asa-5516-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5525-x Search vendor "Cisco" for product "Asa-5525-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5545-x Search vendor "Cisco" for product "Asa-5545-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5555-x Search vendor "Cisco" for product "Asa-5555-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.8 < 9.8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.8 < 9.8.4" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506-x Search vendor "Cisco" for product "Asa-5506-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506h-x Search vendor "Cisco" for product "Asa-5506h-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506w-x Search vendor "Cisco" for product "Asa-5506w-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5508-x Search vendor "Cisco" for product "Asa-5508-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5516-x Search vendor "Cisco" for product "Asa-5516-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5525-x Search vendor "Cisco" for product "Asa-5525-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5545-x Search vendor "Cisco" for product "Asa-5545-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5555-x Search vendor "Cisco" for product "Asa-5555-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Device Manager Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" | >= 9.9 < 9.9.2.50 Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version " >= 9.9 < 9.9.2.50" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506-x Search vendor "Cisco" for product "Asa-5506-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506h-x Search vendor "Cisco" for product "Asa-5506h-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506w-x Search vendor "Cisco" for product "Asa-5506w-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5508-x Search vendor "Cisco" for product "Asa-5508-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5516-x Search vendor "Cisco" for product "Asa-5516-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5525-x Search vendor "Cisco" for product "Asa-5525-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5545-x Search vendor "Cisco" for product "Asa-5545-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5555-x Search vendor "Cisco" for product "Asa-5555-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.2.1 < 6.2.3.12 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.1 < 6.2.3.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506-x Search vendor "Cisco" for product "Asa-5506-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506h-x Search vendor "Cisco" for product "Asa-5506h-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5506w-x Search vendor "Cisco" for product "Asa-5506w-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5508-x Search vendor "Cisco" for product "Asa-5508-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5516-x Search vendor "Cisco" for product "Asa-5516-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5525-x Search vendor "Cisco" for product "Asa-5525-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5545-x Search vendor "Cisco" for product "Asa-5545-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa-5555-x Search vendor "Cisco" for product "Asa-5555-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.3.0 < 6.3.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.3.0 < 6.3.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | - | - |
Safe
|