CVE-2019-12693

CVE Database · CVE-2019-12693

CVE-2019-12693

· MEDIUMModified

CVSS v3.1

4.9

EPSS

1.49%

Published

Oct 2, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-704CWE-190CWE-704

Affected Products (15)

cisco · adaptive_security_appliance (up to 9.6.4.30)vulnerable

cisco · adaptive_security_appliance_software (up to 9.8.4)vulnerable

cisco · adaptive_security_appliance_software (up to 9.9.2.50)vulnerable

cisco · adaptive_security_appliance_software (up to 9.10.1.22)vulnerable

cisco · adaptive_security_appliance_software (up to 9.12.2.1)vulnerable

cisco · asa_5505

cisco · asa_5510

cisco · asa_5512-x

cisco · asa_5515-x

cisco · asa_5520

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-scp-dos

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-scp-dos

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs