目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2019-1713— Cisco Adaptive Security Appliances Software 跨站请求伪造漏洞

EPSS 0.25% · P48
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2019-1713の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
跨站请求伪造(CSRF)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco Adaptive Security Appliances Software 跨站请求伪造漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco Adaptive Security Appliances Software(ASA Software)是美国思科(Cisco)公司的一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco ASA Software中基于Web的管理界面存在跨站请求伪造漏洞。该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
CiscoCisco Adaptive Security Appliance (ASA) Software unspecified ~ 9.4.4.34 -

II. CVE-2019-1713の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2019-1713のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Cisco · 2019-05-03 · 41 CVEs total

CVE-2019-1692Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage In
CVE-2019-1703Cisco Firepower Threat Defense Software Packet Processing Denial of Service Vulnerability
CVE-2019-1704Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial
CVE-2019-1699Cisco Firepower Threat Defense Software Command Injection Vulnerability
CVE-2019-1697Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweig
CVE-2019-1694Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP
CVE-2019-1695Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering
CVE-2019-1696Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial
CVE-2019-1693Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN De
CVE-2019-1687Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy
CVE-2019-1701Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site
CVE-2019-1635Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Servi
CVE-2019-1682Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
CVE-2019-1589Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured
CVE-2019-1590Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure F
CVE-2019-1592Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege
CVE-2018-15462Cisco Firepower Threat Defense Software TCP Ingress Handler Denial of Service Vulnerabilit
CVE-2019-1586Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerabilit
CVE-2019-1587Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Que
CVE-2018-15388Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN De

Showing 20 of 41 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Cisco Adaptive Security Appliance (ASA) Software
同じベンダー: Cisco
同じ弱点: CWE-352

V. CVE-2019-1713へのコメント

まだコメントはありません

コメントを残す