CVE-2019-1934 (CNNVD-201908-546)
中文标题:
Cisco Adaptive Security Appliances Software 安全漏洞
英文标题:
Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability
漏洞描述
中文描述:
Cisco Adaptive Security Appliances Software(ASA Software)是美国思科(Cisco)公司的一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco ASA Software 8.2及之后版本中存在安全漏洞,该漏洞源于程序没有充分进行授权验证。远程攻击者可通过登录到受影响产品并发送HTTPS请求利用该漏洞提升权限并使用管理功能。
英文描述:
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | - | < 9.6.4.30 | - |
cpe:2.3:a:cisco:cisco_adaptive_security_appliance_(asa)_software:*:*:*:*:*:*:*:*
|
| cisco | adaptive_security_appliance_software | * | - | - |
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.0 (cna)
HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-1934 |
2025-11-11 15:20:09 | 2025-11-11 07:35:41 |
| NVD | nvd_CVE-2019-1934 |
2025-11-11 14:56:25 | 2025-11-11 07:44:11 |
| CNNVD | cnnvd_CNNVD-201908-546 |
2025-11-11 15:10:15 | 2025-11-11 07:54:51 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-201908-546
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']