Strix
26.1K

CVE-2019-1980

MEDIUMCVSS 5.3/10EPSS 0.97%

Last modified

CVE-2019-1980 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. EPSS estimates a 0.97% chance of exploitation in the next 30 days.

Description

A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability
0.97%

57.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoFirepower Services Software For AsaAll versions
CiscoFirepower Threat DefenseAll versions
CiscoSecure Firewall Management Center>= 2.9.12, <= 2.9.12.15
CiscoSecure Firewall Management Center>= 2.9.13, <= 2.9.13.6
CiscoSecure Firewall Management Center>= 2.9.14.0, <= 2.9.14.5
CiscoSecure Firewall Management Center2.9.15
CiscoSecure Firewall Management Center2.9.16

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-1980?
A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy.
How severe is CVE-2019-1980?
CVE-2019-1980 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.97% probability of exploitation in the next 30 days.
How do I fix CVE-2019-1980?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1980?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST