CVE-2019-1944

Description

Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory.

Risk Information

Base Score

7.3

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.047

Associated Vulnerability

Vulnerability	OS Platform
Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities For Cisco Adaptive Security Appliance (ASA) Software	NCM
Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-1944)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706057	Security Update for Cisco Adaptive Security Appliance (ASA) Software 99.17(1.69)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234