Vulnerability Name:

CVE-2019-1714 (CCN-160412)

Assigned:2018-12-06
Published:2019-05-01
Updated:2022-05-31
Summary:A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.
CVSS v3 Severity:8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)
7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N)
5.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2019-1714

Source: BID
Type: Third Party Advisory, VDB Entry
108185

Source: XF
Type: UNKNOWN
cisco-cve20191714-sec-bypass(160412)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20190501-asaftd-saml-vpn
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability

Source: CISCO
Type: Vendor Advisory
20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.7 and < 9.8.4)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.9 and < 9.9.2.50)
  • OR cpe:/a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* (Version >= 9.10 and < 9.10.1.17)
  • OR cpe:/a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* (Version >= 6.3.0 and < 6.3.0.3)
  • OR cpe:/a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* (Version >= 6.2.1 and < 6.2.3.12)
  • AND
  • cpe:/h:cisco:firepower_4100:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_9300:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5506-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5545-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5555-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_2110:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_2120:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_2130:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_2140:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5506w-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5508-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5516-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asa-5525-x:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:isa_3000:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco adaptive security appliance software *
    cisco adaptive security appliance software *
    cisco adaptive security appliance software *
    cisco firepower threat defense *
    cisco firepower threat defense *
    cisco firepower 4100 -
    cisco firepower 9300 -
    cisco asa-5506-x -
    cisco asa-5545-x -
    cisco asa-5506h-x -
    cisco asa-5555-x -
    cisco firepower 2110 -
    cisco firepower 2120 -
    cisco firepower 2130 -
    cisco firepower 2140 -
    cisco adaptive security virtual appliance -
    cisco asa-5506w-x -
    cisco asa-5508-x -
    cisco asa-5516-x -
    cisco asa-5525-x -
    cisco isa 3000 -
    cisco firepower threat defense virtual -