CVE-2019-1715: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability
First published: Fri May 03 2019(Updated: )
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance Device Manager | >=9.8<9.8.4 | |
| Cisco Adaptive Security Appliance Device Manager | >=9.9<9.9.2.50 | |
| Cisco Firepower Threat Defense | >=6.2.1<6.2.3.12 | |
| Cisco Firepower Threat Defense | >=6.3.0<6.3.0.3 | |
| Cisco Asa-5506-x | ||
| Cisco Asa-5506h-x | ||
| Cisco Asa-5506w-x | ||
| Cisco Asa-5508-x | ||
| Cisco Asa-5516-x | ||
| Cisco Asa-5525-x | ||
| Cisco Asa-5545-x | ||
| Cisco Asa-5555-x | ||
| Cisco ASA 5500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1715?
CVE-2019-1715 is a vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.
How can an unauthenticated, remote attacker exploit CVE-2019-1715?
An unauthenticated, remote attacker can exploit CVE-2019-1715 to cause a cryptographic collision and potentially impact the confidentiality, integrity, and availability of the affected software.
What is the severity rating of CVE-2019-1715?
CVE-2019-1715 has a severity rating of 7.5 (High).
Which versions of Cisco Adaptive Security Appliance (ASA) Software are affected by CVE-2019-1715?
Versions 9.8 to 9.8.4 and versions 9.9 to 9.9.2.50 of Cisco Adaptive Security Appliance (ASA) Software are affected by CVE-2019-1715.
What versions of Cisco Firepower Threat Defense (FTD) Software are vulnerable to CVE-2019-1715?
Versions 6.2.1 to 6.2.3.12 and versions 6.3.0 to 6.3.0.3 of Cisco Firepower Threat Defense (FTD) Software are vulnerable to CVE-2019-1715.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco adaptive security appliance device manager
- version/cisco adaptive security appliance device manager/9.8
- version/cisco adaptive security appliance device manager/9.9
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.2.1
- version/cisco firepower threat defense/6.3.0
- canonical/cisco asa-5506-x
- canonical/cisco asa-5506h-x
- canonical/cisco asa-5506w-x
- canonical/cisco asa-5508-x
- canonical/cisco asa-5516-x
- canonical/cisco asa-5525-x
- canonical/cisco asa-5545-x
- canonical/cisco asa-5555-x
- canonical/cisco asa 5500