var-201908-0539
Vulnerability from variot
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. Cisco Adaptive Security Appliance (ASA) Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platform of American Cisco (Cisco). The platform provides features such as highly secure access to data and network resources. The smart tunnel function in Cisco ASA has an input validation error vulnerability. The vulnerability is caused by the loose permissions assigned to the local system files created by the ASA smart tunnel on the client device. A local attacker could exploit this vulnerability by running a malicious script to elevate privileges to root without the user's knowledge
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0539", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "adaptive security appliance software", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "9.4.4.37" }, { "model": "adaptive security appliance software", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "NVD", "id": "CVE-2019-1944" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:cisco:adaptive_security_appliance_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007652" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Francesco Giordano of Hacktive Security for reporting these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-545" } ], "trust": 0.6 }, "cve": "CVE-2019-1944", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2019-1944", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "VHN-151886", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.3, "id": "CVE-2019-1944", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "ykramarz@cisco.com", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2019-1944", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-1944", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-1944", "trust": 1.0, "value": "HIGH" }, { "author": "ykramarz@cisco.com", "id": "CVE-2019-1944", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-1944", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201908-545", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-151886", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-1944", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-151886" }, { "db": "VULMON", "id": "CVE-2019-1944" }, { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "CNNVD", "id": "CNNVD-201908-545" }, { "db": "NVD", "id": "CVE-2019-1944" }, { "db": "NVD", "id": "CVE-2019-1944" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. Cisco Adaptive Security Appliance (ASA) Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platform of American Cisco (Cisco). The platform provides features such as highly secure access to data and network resources. The smart tunnel function in Cisco ASA has an input validation error vulnerability. The vulnerability is caused by the loose permissions assigned to the local system files created by the ASA smart tunnel on the client device. A local attacker could exploit this vulnerability by running a malicious script to elevate privileges to root without the user\u0027s knowledge", "sources": [ { "db": "NVD", "id": "CVE-2019-1944" }, { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "VULHUB", "id": "VHN-151886" }, { "db": "VULMON", "id": "CVE-2019-1944" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1944", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2019-007652", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-545", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2988", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-151886", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-1944", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-151886" }, { "db": "VULMON", "id": "CVE-2019-1944" }, { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "CNNVD", "id": "CNNVD-201908-545" }, { "db": "NVD", "id": "CVE-2019-1944" } ] }, "id": "VAR-201908-0539", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-151886" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:29:58.628000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20190807-asa-multi", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-multi" }, { "title": "Cisco Adaptive Security Appliances Software Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96242" }, { "title": "Cisco: Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190807-asa-multi" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-1944" }, { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "CNNVD", "id": "CNNVD-201908-545" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-732", "trust": 1.1 }, { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-151886" }, { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "NVD", "id": "CVE-2019-1944" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-asa-multi" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1944" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1944" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2988/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cisco-asa-privilege-escalation-via-smart-tunnel-29977" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/732.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-151886" }, { "db": "VULMON", "id": "CVE-2019-1944" }, { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "CNNVD", "id": "CNNVD-201908-545" }, { "db": "NVD", "id": "CVE-2019-1944" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-151886" }, { "db": "VULMON", "id": "CVE-2019-1944" }, { "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "db": "CNNVD", "id": "CNNVD-201908-545" }, { "db": "NVD", "id": "CVE-2019-1944" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-07T00:00:00", "db": "VULHUB", "id": "VHN-151886" }, { "date": "2019-08-07T00:00:00", "db": "VULMON", "id": "CVE-2019-1944" }, { "date": "2019-08-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "date": "2019-08-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-545" }, { "date": "2019-08-07T22:15:15.900000", "db": "NVD", "id": "CVE-2019-1944" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-151886" }, { "date": "2020-10-16T00:00:00", "db": "VULMON", "id": "CVE-2019-1944" }, { "date": "2019-08-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007652" }, { "date": "2019-08-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-545" }, { "date": "2024-11-21T04:37:44.380000", "db": "NVD", "id": "CVE-2019-1944" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-545" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Adaptive Security Appliance Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007652" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-545" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.