7.5
CWE
332
Advisory Published
Updated

CVE-2019-1715: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability

First published: Fri May 03 2019(Updated: )

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. The vulnerability is due to insufficient entropy in the DRBG when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Adaptive Security Appliance Device Manager>=9.8<9.8.4
Cisco Adaptive Security Appliance Device Manager>=9.9<9.9.2.50
Cisco Firepower Threat Defense>=6.2.1<6.2.3.12
Cisco Firepower Threat Defense>=6.3.0<6.3.0.3
Cisco Asa-5506-x
Cisco Asa-5506h-x
Cisco Asa-5506w-x
Cisco Asa-5508-x
Cisco Asa-5516-x
Cisco Asa-5525-x
Cisco Asa-5545-x
Cisco Asa-5555-x
Cisco ASA 5500
All of
Any of
Cisco Adaptive Security Appliance Device Manager>=9.8<9.8.4
Cisco Adaptive Security Appliance Device Manager>=9.9<9.9.2.50
Cisco Firepower Threat Defense>=6.2.1<6.2.3.12
Cisco Firepower Threat Defense>=6.3.0<6.3.0.3
Any of
Cisco Asa-5506-x
Cisco Asa-5506h-x
Cisco Asa-5506w-x
Cisco Asa-5508-x
Cisco Asa-5516-x
Cisco Asa-5525-x
Cisco Asa-5545-x
Cisco Asa-5555-x
Cisco ASA 5500

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2019-1715?

    CVE-2019-1715 is a vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.

  • How can an unauthenticated, remote attacker exploit CVE-2019-1715?

    An unauthenticated, remote attacker can exploit CVE-2019-1715 to cause a cryptographic collision and potentially impact the confidentiality, integrity, and availability of the affected software.

  • What is the severity rating of CVE-2019-1715?

    CVE-2019-1715 has a severity rating of 7.5 (High).

  • Which versions of Cisco Adaptive Security Appliance (ASA) Software are affected by CVE-2019-1715?

    Versions 9.8 to 9.8.4 and versions 9.9 to 9.9.2.50 of Cisco Adaptive Security Appliance (ASA) Software are affected by CVE-2019-1715.

  • What versions of Cisco Firepower Threat Defense (FTD) Software are vulnerable to CVE-2019-1715?

    Versions 6.2.1 to 6.2.3.12 and versions 6.3.0 to 6.3.0.3 of Cisco Firepower Threat Defense (FTD) Software are vulnerable to CVE-2019-1715.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203