Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1714

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.

Published

2019-05-03T17:29:00.533

Last Modified

2024-11-21T04:37:09.697

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-255
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	firepower_threat_defense	< 6.2.3.12	Yes
Application	cisco	firepower_threat_defense	< 6.3.0.3	Yes
Operating System	cisco	adaptive_security_appliance_software	< 9.8.4	Yes
Operating System	cisco	adaptive_security_appliance_software	< 9.9.2.50	Yes
Operating System	cisco	adaptive_security_appliance_software	< 9.10.1.17	Yes
Application	cisco	adaptive_security_virtual_appliance	-	No
Hardware	cisco	asa-5506-x	-	No
Hardware	cisco	asa-5506h-x	-	No
Hardware	cisco	asa-5506w-x	-	No
Hardware	cisco	asa-5508-x	-	No
Hardware	cisco	asa-5516-x	-	No
Hardware	cisco	asa-5525-x	-	No
Hardware	cisco	asa-5545-x	-	No
Hardware	cisco	asa-5555-x	-	No
Hardware	cisco	firepower_2110	-	No
Hardware	cisco	firepower_2120	-	No
Hardware	cisco	firepower_2130	-	No
Hardware	cisco	firepower_2140	-	No
Hardware	cisco	firepower_4100	-	No
Hardware	cisco	firepower_9300	-	No
Hardware	cisco	isa_3000	-	No

References

http://www.securityfocus.com/bid/108185 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/108185 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)