CVE-2019-1708
Summary
| CVE | CVE-2019-1708 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-05-03 16:29:00 UTC |
| Updated | 2023-08-15 15:24:00 UTC |
| Description | A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses. |
Risk And Classification
Problem Types: CWE-401
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Adaptive Security Appliance Software | All | All | All | All |
| Operating System | Cisco | Adaptive Security Appliance Software | All | All | All | All |
| Application | Cisco | Adaptive Security Appliance Software | All | All | All | All |
| Operating System | Cisco | Adaptive Security Appliance Software | All | All | All | All |
| Application | Cisco | Adaptive Security Appliance Software | All | All | All | All |
| Operating System | Cisco | Adaptive Security Appliance Software | All | All | All | All |
| Hardware | Cisco | Asa-5506-x | - | All | All | All |
| Hardware | Cisco | Asa-5506-x | - | All | All | All |
| Hardware | Cisco | Asa-5525-x | - | All | All | All |
| Hardware | Cisco | Asa-5525-x | - | All | All | All |
| Hardware | Cisco | Asa-5555-x | - | All | All | All |
| Hardware | Cisco | Asa-5555-x | - | All | All | All |
| Hardware | Cisco | Asa 5506h-x | - | All | All | All |
| Hardware | Cisco | Asa 5506h-x | - | All | All | All |
| Hardware | Cisco | Asa 5506w-x | - | All | All | All |
| Hardware | Cisco | Asa 5506w-x | - | All | All | All |
| Hardware | Cisco | Asa 5508-x | - | All | All | All |
| Hardware | Cisco | Asa 5508-x | - | All | All | All |
| Hardware | Cisco | Asa 5516-x | - | All | All | All |
| Hardware | Cisco | Asa 5516-x | - | All | All | All |
| Hardware | Cisco | Asa 5545-x | - | All | All | All |
| Hardware | Cisco | Asa 5545-x | - | All | All | All |
| Application | Cisco | Firepower Threat Defense | All | All | All | All |
| Application | Cisco | Firepower Threat Defense | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Multiple Cisco Products CVE-2019-1708 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.