CVE-2019-1978 | Date: (C)2019-11-06 (M)2023-12-22 |
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 5.8 | CVSS Score : 5.0 |
Exploit Score: 3.9 | Exploit Score: 10.0 |
Impact Score: 1.4 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: NONE | Authentication: NONE |
User Interaction: NONE | Confidentiality: NONE |
Scope: CHANGED | Integrity: PARTIAL |
Confidentiality: NONE | Availability: NONE |
Integrity: LOW | |
Availability: NONE | |
| |