{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T17:34:35.234","vulnerabilities":[{"cve":{"id":"CVE-2019-1714","sourceIdentifier":"psirt@cisco.com","published":"2019-05-03T17:29:00.533","lastModified":"2024-11-21T04:37:09.697","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device."},{"lang":"es","value":"Una vulnerabilidad en la implementación del Security Assertion Markup Language (SAML) versión 2.0 Single Sign-On (SSO) para VPN SSL sin clientes (WebVPN) y AnyConnect Remote Access VPN en Cisco Adaptive Security Appliance (ASA) Programa y Cisco Firepower Threat Defense (FTD) El programa podría permitir a un atacante remoto no autenticado establecer con éxito una sesión VPN en un dispositivo afectado. La vulnerabilidad se debe a una gestión inadecuada de las credenciales cuando se utiliza NT LAN Manager (NTLM) o autenticación básica. Un atacante podría explotar esta vulnerabilidad abriendo una sesión VPN a un dispositivo afectado después de que otro usuario VPN se haya autenticado con éxito en el dispositivo afectado a través de SAML SSO. Un exploit con éxito podría permitir al atacante conectarse a redes seguras detrás del dispositivo afectado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-255"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.1","versionEndExcluding":"6.2.3.12","matchCriteriaId":"C8F292C5-67ED-4F18-B6C4-5873BB771C3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.0.3","matchCriteriaId":"9A16803C-579C-4992-B37E-7CEC17307659"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.7","versionEndExcluding":"9.8.4","matchCriteriaId":"C812C8D5-3159-434C-8B9F-8CB0A8767923"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.9","versionEndExcluding":"9.9.2.50","matchCriteriaId":"ABCD2AF8-97D4-45C6-B80E-D5FA9B719BD5"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.10","versionEndExcluding":"9.10.1.17","matchCriteriaId":"B4C6B343-2D4D-4C7E-A59E-629773DD2E60"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*","matchCriteriaId":"E785C602-BE11-4FFC-A2A7-EC520E220C0F"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5506-x:-:*:*:*:*:*:*:*","matchCriteriaId":"4916B846-AEAD-4C06-9705-048627F27236"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*","matchCriteriaId":"931B9C8E-6AD7-4E05-8E48-27D3931DC8BB"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5506w-x:-:*:*:*:*:*:*:*","matchCriteriaId":"D78BA13B-49B2-4ECF-A69D-5C14EAB6B118"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5508-x:-:*:*:*:*:*:*:*","matchCriteriaId":"5806FA7C-356B-45BB-ABB0-54B87167AF77"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5516-x:-:*:*:*:*:*:*:*","matchCriteriaId":"93289CFF-6A07-46F2-A2E0-5C43C67E0DCD"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5525-x:-:*:*:*:*:*:*:*","matchCriteriaId":"45A11CA4-D93C-4D32-81C7-E3CF71EC4BBB"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5545-x:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF47542-3C2E-4BDB-823F-9A901312C634"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asa-5555-x:-:*:*:*:*:*:*:*","matchCriteriaId":"A567EFB6-9A19-4BC0-8EE2-6E2219D09961"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*","matchCriteriaId":"52D96810-5F79-4A83-B8CA-D015790FCF72"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*","matchCriteriaId":"16FE2945-4975-4003-AE48-7E134E167A7F"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*","matchCriteriaId":"DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*","matchCriteriaId":"976901BF-C52C-4F81-956A-711AF8A60140"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*","matchCriteriaId":"9E9552E6-0B9B-4B32-BE79-90D4E3887A7B"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*","matchCriteriaId":"07DAFDDA-718B-4B69-A524-B0CEB80FE960"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*","matchCriteriaId":"9510E97A-FD78-43C6-85BC-223001ACA264"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/108185","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/108185","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}