VDB
CVE-2019-15992
CVE-2019-15992
PUBLISHED
CVSS 7.199999809265137 HIGH
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.
EPSS 3.77% · 88.3th percentile
Risk Scores
CVSS 3.0
7.199999809265137
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
3.77%
88.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | n/a |
| cisco | adaptive_security_appliance | 0 |
| cisco | firepower_threat_defense | |
| cisco | secure_firewall_management_center | 6.3.0, 0, 6.4.0 |
| cisco | adaptive_security_appliance_software | 9.14, 9.10, 9.9 |
Exploit Intelligence
Timeline
- Nov 12, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score