CVE-2019-1696 : Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Published 2019-05-03 15:29:01

Updated 2024-11-26 16:09:02

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2019-1696

Cisco » Firepower Threat Defense
Versions from including (>=) 6.0.0 and before (<) 6.2.3.12
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Matching versions
Cisco » Secure Firewall Management Center » Version: 2.9.9
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.9:*:*:*:*:*:*:*
Matching versions
Cisco » Secure Firewall Management Center » Version: 2.9.10
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.10:*:*:*:*:*:*:*
Matching versions
Cisco » Secure Firewall Management Center » Version: 2.9.11
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.11:*:*:*:*:*:*:*
Matching versions
Cisco » Secure Firewall Management Center » Version: 2.9.12
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.12:*:*:*:*:*:*:*
Matching versions
Cisco » Secure Firewall Management Center » Version: 2.9.8
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.8:*:*:*:*:*:*:*
Matching versions
Cisco » Secure Firewall Management Center » Version: 2.9.13
cpe:2.3:a:cisco:secure_firewall_management_center:2.9.13:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-1696

EPSS FAQ

0.72%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-1696

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.4	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	2.8	4.0	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-1696

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.
Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)

References for CVE-2019-1696

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort

Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/108171

Cisco Firepower Threat Defense Software Multiple Denial of Service Vulnerabilities

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-1696

Products affected by CVE-2019-1696

Exploit prediction scoring system (EPSS) score for CVE-2019-1696

CVSS scores for CVE-2019-1696

CWE ids for CVE-2019-1696

References for CVE-2019-1696