CVE-2019-12673

HIGH

Cisco ASA <9.6.4.34, >=9.7 <9.8.4.10 & FTD <6.3.0.5 - DoS via FTP Inspection

Title source: llm

Description

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos

Scores

CVSS v3 7.5

EPSS 0.0177

EPSS Percentile 75.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-119 CWE-20

Status published

Products (3)

cisco/adaptive_security_appliance < 9.6.4.34

cisco/adaptive_security_appliance_software 9.7 - 9.8.4.10

cisco/firepower_threat_defense < 6.3.0.5

Published Oct 02, 2019

Tracked Since Feb 18, 2026