CVE-2019-1669

A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software.

CVSS v3 8.6 HIGH
CVSS v2.0 5.0 MEDIUM

8.6^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/106721	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*

History

No history.

Information

Published : 2019-01-24 16:29

Updated : 2023-12-10 12:44

NVD link : CVE-2019-1669

Mitre link : CVE-2019-1669

CVE.ORG link : CVE-2019-1669

JSON object : View

Products Affected

cisco

firepower_threat_defense

CWE

CWE-693

Protection Mechanism Failure

{"id": "CVE-2019-1669", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2019-01-24T16:29:00.597", "references": [{"url": "http://www.securityfocus.com/bid/106721", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-693"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. The vulnerability exists because the affected software improperly manages system memory resources when inspecting traffic. An attacker could exploit this vulnerability by generating specific traffic patterns for the software to inspect. A successful exploit could allow the attacker to exhaust system memory resources used for traffic inspection. Depending on the configuration, the FTD Software could fail open and cease to inspect traffic or fail closed and result in a DoS condition. This vulnerability may require manual intervention to restore the software."}, {"lang": "es", "value": "Una vulnerabilidad en el componente de adquisici\u00f3n de datos (DAQ) de Cisco Firepower Threat Defense (FTD) Software podr\u00eda permitir a un atacante remoto no autenticado omitir las pol\u00edticas de control de acceso configuradas o provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad existe porque el software afectado gestiona incorrectamente los recursos de la memoria del sistema al inspeccionar tr\u00e1fico. Un atacante podr\u00eda explotar esta vulnerabilidad generando patrones de tr\u00e1fico espec\u00edficos para que el software los inspeccione. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante agotar los recursos de la memoria del sistema que se utilizan para inspecciones de tr\u00e1fico. Dependiendo de la configuraci\u00f3n, el software FTD podr\u00eda \"fail open\" y dejar de inspeccionar tr\u00e1fico o \"fail closed\" y resultar en una condici\u00f3n DoS. Esta vulnerabilidad podr\u00eda requerir intervenci\u00f3n manual para recuperar el software."}], "lastModified": "2019-10-09T23:47:40.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ED58B0E-FCC7-48E3-A5C0-6CC54A38BAE3"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}