CVE-2019-12698

HIGH

Cisco ASA & FTD Unauthenticated DoS via WebVPN HTTP Request

Title source: llm

Description

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-dos

Scores

CVSS v3 7.5

EPSS 0.0197

EPSS Percentile 77.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (3)

cisco/adaptive_security_appliance < 9.6.4.31

cisco/adaptive_security_appliance_software 9.7 - 9.8.4.9

cisco/firepower_threat_defense < 6.2.3.15

Published Oct 02, 2019

Tracked Since Feb 18, 2026