CVE-2019-12676

CVE Database · CVE-2019-12676

CVE-2019-12676

· HIGHModified

CVSS v3.1

7.4

EPSS

0.51%

Published

Oct 2, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20

Affected Products (17)

cisco · adaptive_security_appliance (up to 9.6.4.34)vulnerable

cisco · adaptive_security_appliance_software (up to 9.8.4.8)vulnerable

cisco · adaptive_security_appliance_software (up to 9.9.2.59)vulnerable

cisco · adaptive_security_appliance_software (up to 9.10.1.27)vulnerable

cisco · adaptive_security_appliance_software (up to 9.12.2.1)vulnerable

cisco · asa_5505

cisco · asa_5510

cisco · asa_5512-x

cisco · asa_5515-x

cisco · asa_5520

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs