CVE-2019-1713: Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability
First published: Fri May 03 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance Software | <9.4.4.34 | |
| Cisco Adaptive Security Appliance Software | >=9.5<9.6.4.25 | |
| Cisco Adaptive Security Appliance Software | >=9.7<9.8.4 | |
| Cisco Adaptive Security Appliance Software | >=9.9<9.9.2.50 | |
| Cisco Adaptive Security Appliance Software | >=9.10<9.10.1.17 | |
| Cisco Asa 5505 | ||
| Cisco Asa 5510 | ||
| Cisco Asa 5512-x | ||
| Cisco Asa 5515-x | ||
| Cisco Asa 5520 | ||
| Cisco Asa 5525-x | ||
| Cisco Asa 5540 | ||
| Cisco Asa 5545-x | ||
| Cisco Asa 5550 | ||
| Cisco Asa 5555-x | ||
| Cisco Asa 5580 | ||
| Cisco Asa 5585-x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Adaptive Security Appliance (ASA) Software vulnerability?
The vulnerability ID for this Cisco Adaptive Security Appliance (ASA) Software vulnerability is CVE-2019-1713.
What is the severity rating for CVE-2019-1713?
CVE-2019-1713 has a severity rating of 8.8 (Critical).
What is the affected software for CVE-2019-1713?
The affected software for CVE-2019-1713 is Cisco Adaptive Security Appliance (ASA) Software versions 9.4.4.34 up to, but not including, 9.10.1.17.
How does the vulnerability in CVE-2019-1713 manifest?
The vulnerability in CVE-2019-1713 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
Is there a fix available for CVE-2019-1713?
Yes, Cisco has released a software update to address the vulnerability in CVE-2019-1713. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/9.5
- version/cisco adaptive security appliance software/9.7
- version/cisco adaptive security appliance software/9.9
- version/cisco adaptive security appliance software/9.10
- canonical/cisco asa 5505
- canonical/cisco asa 5510
- canonical/cisco asa 5512-x
- canonical/cisco asa 5515-x
- canonical/cisco asa 5520
- canonical/cisco asa 5525-x
- canonical/cisco asa 5540
- canonical/cisco asa 5545-x
- canonical/cisco asa 5550
- canonical/cisco asa 5555-x
- canonical/cisco asa 5580
- canonical/cisco asa 5585-x