CVE Vulnerabilities

CVE-2019-1705

Improper Resource Shutdown or Release

Published: May 03, 2019 | Modified: Aug 15, 2023
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name Vendor Start Version End Version
Adaptive_security_appliance_software Cisco 9.4 (including) 9.4.4.34 (excluding)
Adaptive_security_appliance_software Cisco 9.5 (including) 9.6.4.25 (excluding)
Adaptive_security_appliance_software Cisco 9.7 (including) 9.8.4 (excluding)
Adaptive_security_appliance_software Cisco 9.9 (including) 9.9.2.50 (excluding)
Adaptive_security_appliance_software Cisco 9.10 (including) 9.10.1.17 (excluding)

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

References