First published: Wed Oct 02 2019
A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.
Credit: ykramarz@cisco.com
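The rollover described above, illustrated on the `C<mode> <size> <name>` header that the SCP protocol sends before the file data. This is an added example, not Cisco's code: the advisory does not identify the variable or its type, so the 32-bit width, the function names and the 4 GiB limit are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limit for this example: largest upload the receiver accepts. */
#define MAX_UPLOAD_BYTES (4ULL * 1024 * 1024 * 1024)

/* Flawed pattern (assumed, for illustration): the announced size lands in a
 * 32-bit variable, so a value above UINT32_MAX rolls over silently. */
uint32_t parse_len_narrow(const char *hdr)
{
    const char *p = strchr(hdr, ' ');           /* skip "Cmmmm" */
    if (hdr[0] != 'C' || p == NULL)
        return 0;
    return (uint32_t)strtoull(p + 1, NULL, 10); /* high 32 bits discarded */
}

/* Hardened pattern: parse into 64 bits, detect overflow and malformed input,
 * and enforce an upper bound. Returns the size, or -1 if the header is rejected. */
int64_t parse_len_checked(const char *hdr)
{
    const char *p = strchr(hdr, ' ');
    char *end;
    unsigned long long v;

    if (hdr[0] != 'C' || p == NULL)
        return -1;
    p++;
    if (*p < '0' || *p > '9')                   /* strtoull would accept "-1" */
        return -1;
    errno = 0;
    v = strtoull(p, &end, 10);
    if (errno == ERANGE || *end != ' ')         /* wider than 64 bits, or junk */
        return -1;
    if (v > MAX_UPLOAD_BYTES)
        return -1;
    return (int64_t)v;
}

int main(void)
{
    /* Constructed sample header announcing a 5,000,000,000-byte file. */
    const char *hdr = "C0644 5000000000 image.bin\n";
    printf("narrow:  %u\n", (unsigned)parse_len_narrow(hdr));
    printf("checked: %lld\n", (long long)parse_len_checked(hdr));
    return 0;
}
```

Any later allocation, loop bound or remaining-bytes counter derived from the narrow value disagrees with the amount of data the peer actually sends, which is the kind of mismatch that leads to a crash.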
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Adaptive Security Appliance | <9.6.4.30 | |
Cisco Adaptive Security Appliance Software | >=9.7 <9.8.4 | |
Cisco Adaptive Security Appliance Software | >=9.9 <9.9.2.50 | |
Cisco Adaptive Security Appliance Software | >=9.10 <9.10.1.22 | |
Cisco Adaptive Security Appliance Software | >=9.12 <9.12.2.1 | |
Cisco ASA 5505 | | |
Cisco ASA 5510 | | |
Cisco ASA 5512-X | | |
Cisco ASA 5515-X | | |
Cisco ASA 5520 | | |
Cisco ASA 5525-X | | |
Cisco ASA 5550 | | |
Cisco ASA 5555-X | | |
Cisco ASA 5580 | | |
Cisco ASA 5585-X | | |
The vulnerability ID for this Cisco ASA Software vulnerability is CVE-2019-12693.
The severity level of CVE-2019-12693 is medium (4.9).
The affected software for CVE-2019-12693 includes Cisco Adaptive Security Appliance Software versions 9.7 to 9.8.4, 9.9 to 9.9.2.50, 9.10 to 9.10.1.22, and 9.12 to 9.12.2.1.
The vulnerability type for CVE-2019-12693 is a denial of service (DoS) vulnerability.
To fix CVE-2019-12693, users should upgrade to a fixed release of the Cisco Adaptive Security Appliance (ASA) Software.