First published: Fri May 03 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Adaptive Security Appliance Software | <9.4.4.34 | |
Cisco Adaptive Security Appliance Software | >=9.5<9.6.4.25 | |
Cisco Adaptive Security Appliance Software | >=9.7<9.8.4 | |
Cisco Adaptive Security Appliance Software | >=9.9<9.9.2.50 | |
Cisco Adaptive Security Appliance Software | >=9.10<9.10.1.17 | |
Cisco Asa 5505 | ||
Cisco Asa 5510 | ||
Cisco Asa 5512-x | ||
Cisco Asa 5515-x | ||
Cisco Asa 5520 | ||
Cisco Asa 5525-x | ||
Cisco Asa 5540 | ||
Cisco Asa 5545-x | ||
Cisco Asa 5550 | ||
Cisco Asa 5555-x | ||
Cisco Asa 5580 | ||
Cisco Asa 5585-x | ||
All of | ||
Any of | ||
Cisco Adaptive Security Appliance Software | <9.4.4.34 | |
Cisco Adaptive Security Appliance Software | >=9.5<9.6.4.25 | |
Cisco Adaptive Security Appliance Software | >=9.7<9.8.4 | |
Cisco Adaptive Security Appliance Software | >=9.9<9.9.2.50 | |
Cisco Adaptive Security Appliance Software | >=9.10<9.10.1.17 | |
Any of | ||
Cisco Asa 5505 | ||
Cisco Asa 5510 | ||
Cisco Asa 5512-x | ||
Cisco Asa 5515-x | ||
Cisco Asa 5520 | ||
Cisco Asa 5525-x | ||
Cisco Asa 5540 | ||
Cisco Asa 5545-x | ||
Cisco Asa 5550 | ||
Cisco Asa 5555-x | ||
Cisco Asa 5580 | ||
Cisco Asa 5585-x |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco Adaptive Security Appliance (ASA) Software vulnerability is CVE-2019-1713.
CVE-2019-1713 has a severity rating of 8.8 (Critical).
The affected software for CVE-2019-1713 is Cisco Adaptive Security Appliance (ASA) Software versions 9.4.4.34 up to, but not including, 9.10.1.17.
The vulnerability in CVE-2019-1713 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
Yes, Cisco has released a software update to address the vulnerability in CVE-2019-1713. Please refer to the Cisco Security Advisory for more information.