Resource exhaustion in Cisco Asa_5506h-x
CVE-2019-1873
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vu…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.025 (82.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.
Affected products
- Cisco Asa_5506h-x
- Cisco Asa_5506h-x_firmware — versions 9.6\(4.16\), 9.8\(3.8\)
- Cisco Asa_5506w-x
- Cisco Asa_5506w-x_firmware — versions 9.6\(4.16\), 9.8\(3.8\)
- Cisco Asa_5506-x
- Cisco Asa_5506-x_firmware — versions 9.6\(4.16\), 9.8\(3.8\)
- Cisco Asa_5508-x
- Cisco Asa_5508-x_firmware — versions 9.6\(4.16\), 9.8\(3.8\)
- Cisco Asa_5516-x
- Cisco Asa_5516-x_firmware — versions 9.6\(4.16\), 9.8\(3.8\)
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2019-1873?
- CVE-2019-1873 is a high-severity vulnerability in Cisco Asa_5506h-x, classified under Uncontrolled Resource Consumption. CVSS score: 8.6/10. Published 2019-07-10.
- How severe is CVE-2019-1873?
- High severity. CVSS v3 base score is 8.6 out of 10.