CVE-2019-1934

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)

Description The issue is related to insufficient authorization validation in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software. This could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device by sending specific HTTPS requests. The attacker must first log in to the device as a low-privileged user and then use the information retrieved during the initial login to execute administrative functions.

Recommendations For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, limit the privileges of users who can log in to the device to minimize the risk of exploitation. Avoid using the web-based management interface for administrative functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.