Vulnerabilities > CVE-2019-1934 - Unspecified vulnerability in Cisco Adaptive Security Appliance Software

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
cisco
nessus

Summary

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.

Vulnerable Configurations

Part Description Count
OS
Cisco
163

Nessus

NASL familyCISCO
NASL idCISCO-SA-20190807-ASA-PRIVESCALA.NASL
descriptionAccording to its self-reported version, Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen2020-06-05
modified2020-06-02
plugin id137052
published2020-06-02
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/137052
titleCisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability