CVE-2019-1978

MEDIUM

Cisco Firepower Services Software For Asa - Improper Input Validation

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1978. PoCs published by TrustedSec.

AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability (CVE-2019-19781) in Citrix ADC (NetScaler) to write a malicious XML template to disk, which is then executed to achieve remote code execution via a reverse shell.

Description

A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.

Exploits (1)

exploitdb WORKING POC

by TrustedSec · pythonwebappsmultiple

https://www.exploit-db.com/exploits/47902

View Code ZIP pw:eip

This exploit leverages a directory traversal vulnerability (CVE-2019-19781) in Citrix ADC (NetScaler) to write a malicious XML template to disk, which is then executed to achieve remote code execution via a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Citrix ADC (NetScaler) versions affected by CVE-2019-19781

No auth needed

Prerequisites: Vulnerable Citrix ADC (NetScaler) instance · Network access to the target · Listener set up on attacker's machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-srb

Scores

CVSS v3 5.8

EPSS 0.0938

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20 CWE-264

Status published

Products (5)

cisco/firepower_services_software_for_asa

cisco/firepower_threat_defense

cisco/secure_firewall_management_center 2.9.15

cisco/secure_firewall_management_center 2.9.16

cisco/secure_firewall_management_center 2.9.12 - 2.9.12.15

Published Nov 05, 2019

Tracked Since Feb 18, 2026