CVE-2019-1695

A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:37

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108173 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/108173 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypass - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypass - Vendor Advisory

15 Aug 2023, 15:24

Type Values Removed Values Added
CPE cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Information

Published : 2019-05-03 15:29

Updated : 2024-11-21 04:37


NVD link : CVE-2019-1695

Mitre link : CVE-2019-1695

CVE.ORG link : CVE-2019-1695


JSON object : View

Products Affected

cisco

  • firepower_2120
  • firepower_threat_defense
  • firepower_2130
  • adaptive_security_appliance_software
  • firepower_2110
  • firepower_2140
CWE
CWE-284

Improper Access Control

NVD-CWE-Other