CVE-2019-1714

CVE-2019-1714 PUBLISHED CVSS 5.8 MEDIUM

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.

EPSS 1.65% · 82.4th percentile

Risk Scores

  • CVSS 3.0: 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N)
  • EPSS Score: 1.65% (82.4th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| cisco | adaptive_security_appliance_software | 9.9, 9.10, 9.7 |
| Cisco | Cisco Firepower Threat Defense (FTD) Software | unspecified, * |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | unspecified, unspecified, unspecified |
| cisco | firepower_threat_defense | 6.3.0, 6.2.1 |

Timeline

  • May 1, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
