CVE-2019-1944 MEDIUM

CVE-2019-1944: Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities

Vendor Cisco

Product Cisco Adaptive Security Appliance (ASA) Software

Weakness CWE-20 · Input validation

Published August 7, 2019

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory.

Key dates

02Disclosure timeline

August 7, 2019 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-1944 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2019-1944

CWE CWE-20

CVSS 6.7 / MEDIUM

Affected versions