CVE-2019-1832

MEDIUM

Cisco Firepower Threat Defense - Auth Bypass

Title source: llm

Description

A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies. The vulnerability is due to improper validation of ICMP packets. An attacker could exploit this vulnerability by sending crafted ICMP packets to the affected device. A successful exploit could allow the attacker to bypass configured access control policies.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108340

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-ftdde-poly-bypass

Scores

CVSS v3 5.8

EPSS 0.0011

EPSS Percentile 30.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Classification

CWE

CWE-693

Status published

Affected Products (6)

cisco/secure_firewall_management_center

Timeline

Published May 16, 2019

Tracked Since Feb 18, 2026