Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1705

A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition.

Published

2019-05-03T16:29:00.553

Last Modified

2024-11-21T04:37:08.510

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-404
  • Type: Primary
    CWE-404
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco adaptive_security_appliance_software < 9.4.4.34 Yes
Operating System cisco adaptive_security_appliance_software < 9.6.4.25 Yes
Operating System cisco adaptive_security_appliance_software < 9.8.4 Yes
Operating System cisco adaptive_security_appliance_software < 9.9.2.50 Yes
Operating System cisco adaptive_security_appliance_software < 9.10.1.17 Yes
Hardware cisco asa_5506-x - No
Hardware cisco asa_5506h-x - No
Hardware cisco asa_5506w-x - No
Hardware cisco asa_5508-x - No
Hardware cisco asa_5516-x - No
Hardware cisco asa_5525-x - No
Hardware cisco asa_5545-x - No
Hardware cisco asa_5555-x - No
References