CVE-2019-12693 — MEDIUM (4.9)

Q: How severe is CVE-2019-12693?

CVE-2019-12693 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-12693?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance, Cisco Adaptive Security Appliance Software, Cisco Asa 5505, Cisco Asa 5510, Cisco Asa 5512-X.

Vulnerability Description

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Adaptive Security Appliance	< 9.6.4.30
Cisco	Adaptive Security Appliance Software	>= 9.7, < 9.8.4
Cisco	Asa 5505	-
Cisco	Asa 5510	-
Cisco	Asa 5512-X	-
Cisco	Asa 5515-X	-
Cisco	Asa 5520	-
Cisco	Asa 5525-X	-
Cisco	Asa 5550	-
Cisco	Asa 5555-X	-
Cisco	Asa 5580	-
Cisco	Asa 5585-X	-

Related Weaknesses (CWE)

CWE-704 CWE-190

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-12693?

CVE-2019-12693 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vul...

How severe is CVE-2019-12693?

CVE-2019-12693 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12693?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance, Cisco Adaptive Security Appliance Software, Cisco Asa 5505, Cisco Asa 5510, Cisco Asa 5512-X.