CVE-2019-12693

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.

Published: Oct 2, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-12693
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
cisco / adaptive_security_appliance	-	9.6.4.30
cisco / adaptive_security_appliance_software	9.7	9.8.4
cisco / adaptive_security_appliance_software	9.9	9.9.2.50
cisco / adaptive_security_appliance_software	9.10	9.10.1.22
cisco / adaptive_security_appliance_software	9.12	9.12.2.1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-scp-dos

Vulnerability Database

289,599

CVE-2019-12693