First published: Fri May 03 2019(Updated: )
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Adaptive Security Appliance Device Manager | >=9.8<9.8.4 | |
Cisco Adaptive Security Appliance Device Manager | >=9.9<9.9.2.50 | |
Cisco Firepower Threat Defense | >=6.2.1<6.2.3.12 | |
Cisco Firepower Threat Defense | >=6.3.0<6.3.0.3 | |
Cisco Asa-5506-x | ||
Cisco Asa-5506h-x | ||
Cisco Asa-5506w-x | ||
Cisco Asa-5508-x | ||
Cisco Asa-5516-x | ||
Cisco Asa-5525-x | ||
Cisco Asa-5545-x | ||
Cisco Asa-5555-x | ||
Cisco ASA 5500 | ||
All of | ||
Any of | ||
Cisco Adaptive Security Appliance Device Manager | >=9.8<9.8.4 | |
Cisco Adaptive Security Appliance Device Manager | >=9.9<9.9.2.50 | |
Cisco Firepower Threat Defense | >=6.2.1<6.2.3.12 | |
Cisco Firepower Threat Defense | >=6.3.0<6.3.0.3 | |
Any of | ||
Cisco Asa-5506-x | ||
Cisco Asa-5506h-x | ||
Cisco Asa-5506w-x | ||
Cisco Asa-5508-x | ||
Cisco Asa-5516-x | ||
Cisco Asa-5525-x | ||
Cisco Asa-5545-x | ||
Cisco Asa-5555-x | ||
Cisco ASA 5500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1715 is a vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.
An unauthenticated, remote attacker can exploit CVE-2019-1715 to cause a cryptographic collision and potentially impact the confidentiality, integrity, and availability of the affected software.
CVE-2019-1715 has a severity rating of 7.5 (High).
Versions 9.8 to 9.8.4 and versions 9.9 to 9.9.2.50 of Cisco Adaptive Security Appliance (ASA) Software are affected by CVE-2019-1715.
Versions 6.2.1 to 6.2.3.12 and versions 6.3.0 to 6.3.0.3 of Cisco Firepower Threat Defense (FTD) Software are vulnerable to CVE-2019-1715.