Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1978

Опубликовано: 05 нояб. 2019
Источник: nvd
CVSS3: 5.8
CVSS3: 5.8
CVSS2: 5
EPSS Средний

Описание

A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:firepower_services_software_for_asa:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 2.9.12 (включая) до 2.9.12.15 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 2.9.13 (включая) до 2.9.13.6 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 2.9.14.0 (включая) до 2.9.14.5 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.15:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.16:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.40159
Средний

5.8 Medium

CVSS3

5.8 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-264
CWE-20

Связанные уязвимости

github логотип

GHSA-9jmf-g2f7-v2ph

CVSS3: 5.8
github
больше 3 лет назад

A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.

EPSS

Процентиль: 97%
0.40159
Средний

5.8 Medium

CVSS3

5.8 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-264
CWE-20