CVE-2019-1934 - Unspecified vulnerability in Cisco Adaptive Security Appliance Software

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.

Vulnerable Configurations

Part  Description  Count
OS    Cisco        227

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20190807-ASA-PRIVESCALA.NASL
description: According to its self-reported version, Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information.
last seen: 2020-06-05
modified: 2020-06-02
plugin id: 137052
published: 2020-06-02
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137052
title: Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability