Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-1945— Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities

EPSS 0.06% · P17
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1945

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Adaptive Security Appliance Software 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Adaptive Security Appliances Software(ASA Software)是美国思科(Cisco)公司的一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco ASA Software中的smart tunnel功能存在输入验证错误漏洞。本地攻击者通过创建恶意的系统文件并写入到文件系统中利用该漏洞覆盖系统文件并执行恶意的二进制文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco Adaptive Security Appliance (ASA) Software unspecified ~ 9.8.4.7 -

II. Public POCs for CVE-2019-1945

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-1945

登录查看更多情报信息。

Same Patch Batch · Cisco · 2019-08-07 · 15 CVEs total

CVE-2019-1928Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne
CVE-2019-1929Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne
CVE-2019-1934Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escala
CVE-2019-1944Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
CVE-2019-1926Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne
CVE-2019-1927Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne
CVE-2019-1918Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnera
CVE-2019-1924Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne
CVE-2019-1925Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulne
CVE-2019-1910Cisco IOS XR Software Intermediate System to Intermediate System Denial of Service Vulnera
CVE-2019-1895Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability
CVE-2019-1913Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities
CVE-2019-1914Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
CVE-2019-1912Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability

IV. Related Vulnerabilities

Same product: Cisco Adaptive Security Appliance (ASA) Software
Same vendor: Cisco
Same weakness: CWE-20

V. Comments for CVE-2019-1945

No comments yet

Leave a comment