Published on: 02 May 2019
Cisco released security advisories to address vulnerabilities in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software. Several vulnerabilities are caused by cryptographic collision and implementation flaws in Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for VPN connection. An attacker could exploit the vulnerabilities by sending a specially crafted request, packet or traffic stream to an affected system, by establishing sessions to it, or by enticing a user to open a malicious link.
Cisco products running a vulnerable release of ASA software or FTD software, including:
The above is only a sample list of affected systems and is not considered exhaustive. For detailed information on the affected products, please refer to the section "Affected Products" of the corresponding security advisory at the vendor's website.
Successful exploitation of the vulnerabilities could lead to VPN authentication bypass, cross-site request forgery (CSRF) attack, cross-site scripting (XSS) attack, privilege escalation, denial of service, or system reload on an affected system.
Software updates for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. For detailed information on the available patches, please refer to the section "Fixed Software" of the corresponding security advisory at the vendor's website.
Users should contact their product support vendors for the fixes and assistance.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-csrf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-entropy
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-ike-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftds-ldapdos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftdtcp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-vpn-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-firepower-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-cmd-inj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-ftd-cmd-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1694 (to CVE-2019-1697)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1703 (to CVE-2019-1706)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1713 (to CVE-2019-1715)