Informazioni sul CVE-2019-1714
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability
CWE ID: CWE-255
Base Score (CVSS): N/A
CVE: CVE-2019-1714
Descrizione: A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn
- http://www.securityfocus.com/bid/108185
Prodotti interessati
- Cisco – Cisco Adaptive Security Appliance (ASA) Software
- Cisco – Cisco Firepower Threat Defense (FTD) Software
Relazioni con altri prodotti
Produttore:Cisco
Prodotto: Cisco Adaptive Security Appliance (ASA) Software
Anno: 2019
CWE: CWE-255
CVSS: 0.0
Produttore:Cisco
Prodotto: Cisco Firepower Threat Defense (FTD) Software
Anno: 2019
CWE: CWE-255
CVSS: 0.0