Informazioni sul CVE-2019-1695
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability
CWE ID: CWE-284
Base Score (CVSS): N/A
CVE: CVE-2019-1695
Descrizione: A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypass
- http://www.securityfocus.com/bid/108173
Prodotti interessati
- Cisco – Cisco Adaptive Security Appliance (ASA) Software
- Cisco – Cisco Firepower Threat Defense (FTD) Software
Relazioni con altri prodotti
Produttore:Cisco
Prodotto: Cisco Adaptive Security Appliance (ASA) Software
Anno: 2019
CWE: CWE-284
CVSS: 0.0
Produttore:Cisco
Prodotto: Cisco Firepower Threat Defense (FTD) Software
Anno: 2019
CWE: CWE-284
CVSS: 0.0