cve-2019-1714
Vulnerability from cvelistv5
Published
2019-05-03 16:15
Modified
2024-11-19 19:08
Severity ?
EPSS score ?
Summary
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/108185 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn | Vendor Advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:28:42.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn" }, { "name": "108185", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108185" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-1714", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T17:24:19.883643Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T19:08:27.857Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Adaptive Security Appliance (ASA) Software", "vendor": "Cisco", "versions": [ { "lessThan": "9.8.4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "9.9.2.50", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "9.10.1.17", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Cisco Firepower Threat Defense (FTD) Software", "vendor": "Cisco", "versions": [ { "lessThan": "6.2.3.12", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "6.3.0.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-255", "description": "CWE-255", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-08T08:05:59", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn" }, { "name": "108185", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108185" } ], "source": { "advisory": "cisco-sa-20190501-asaftd-saml-vpn", "defect": [ [ "CSCvn72570" ] ], "discovery": "INTERNAL" }, "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-01T16:00:00-0700", "ID": "CVE-2019-1714", "STATE": "PUBLIC", "TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Adaptive Security Appliance (ASA) Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "9.8.4" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "9.9.2.50" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "9.10.1.17" } ] } }, { "product_name": "Cisco Firepower Threat Defense (FTD) Software", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "6.2.3.12" }, { "affected": "\u003c", "version_affected": "\u003c", "version_value": "6.3.0.3" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-255" } ] } ] }, "references": { "reference_data": [ { "name": "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn" }, { "name": "108185", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108185" } ] }, "source": { "advisory": "cisco-sa-20190501-asaftd-saml-vpn", "defect": [ [ "CSCvn72570" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1714", "datePublished": "2019-05-03T16:15:18.833510Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-19T19:08:27.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-1714\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2019-05-03T17:29:00.533\",\"lastModified\":\"2023-08-15T15:24:56.340\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la implementaci\u00f3n del Security Assertion Markup Language (SAML) versi\u00f3n 2.0 Single Sign-On (SSO) para VPN SSL sin clientes (WebVPN) y AnyConnect Remote Access VPN en Cisco Adaptive Security Appliance (ASA) Programa y Cisco Firepower Threat Defense (FTD) El programa podr\u00eda permitir a un atacante remoto no autenticado establecer con \u00e9xito una sesi\u00f3n VPN en un dispositivo afectado. La vulnerabilidad se debe a una gesti\u00f3n inadecuada de las credenciales cuando se utiliza NT LAN Manager (NTLM) o autenticaci\u00f3n b\u00e1sica. Un atacante podr\u00eda explotar esta vulnerabilidad abriendo una sesi\u00f3n VPN a un dispositivo afectado despu\u00e9s de que otro usuario VPN se haya autenticado con \u00e9xito en el dispositivo afectado a trav\u00e9s de SAML SSO. Un exploit con \u00e9xito podr\u00eda permitir al atacante conectarse a redes seguras detr\u00e1s del dispositivo afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.1\",\"versionEndExcluding\":\"6.2.3.12\",\"matchCriteriaId\":\"C8F292C5-67ED-4F18-B6C4-5873BB771C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndExcluding\":\"6.3.0.3\",\"matchCriteriaId\":\"9A16803C-579C-4992-B37E-7CEC17307659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.7\",\"versionEndExcluding\":\"9.8.4\",\"matchCriteriaId\":\"C812C8D5-3159-434C-8B9F-8CB0A8767923\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.9\",\"versionEndExcluding\":\"9.9.2.50\",\"matchCriteriaId\":\"ABCD2AF8-97D4-45C6-B80E-D5FA9B719BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.10\",\"versionEndExcluding\":\"9.10.1.17\",\"matchCriteriaId\":\"B4C6B343-2D4D-4C7E-A59E-629773DD2E60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E785C602-BE11-4FFC-A2A7-EC520E220C0F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5506-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4916B846-AEAD-4C06-9705-048627F27236\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"931B9C8E-6AD7-4E05-8E48-27D3931DC8BB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5506w-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D78BA13B-49B2-4ECF-A69D-5C14EAB6B118\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5508-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5806FA7C-356B-45BB-ABB0-54B87167AF77\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5516-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93289CFF-6A07-46F2-A2E0-5C43C67E0DCD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5525-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A11CA4-D93C-4D32-81C7-E3CF71EC4BBB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5545-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EF47542-3C2E-4BDB-823F-9A901312C634\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asa-5555-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A567EFB6-9A19-4BC0-8EE2-6E2219D09961\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D96810-5F79-4A83-B8CA-D015790FCF72\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FE2945-4975-4003-AE48-7E134E167A7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976901BF-C52C-4F81-956A-711AF8A60140\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9552E6-0B9B-4B32-BE79-90D4E3887A7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAFDDA-718B-4B69-A524-B0CEB80FE960\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9510E97A-FD78-43C6-85BC-223001ACA264\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/108185\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.