A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco secure Firewall Management Center
|
|
CPEs | cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:* | |
Vendors & Products |
Cisco firepower Management Center
|
Cisco secure Firewall Management Center
|
Wed, 13 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-09-23T00:27:04.203191Z
Updated: 2024-11-13T18:47:14.541Z
Reserved: 2019-09-06T00:00:00
Link: CVE-2019-15992
Vulnrichment
Updated: 2024-08-05T01:03:32.832Z
NVD
Status : Modified
Published: 2020-09-23T01:15:13.333
Modified: 2024-11-26T16:09:02.407
Link: CVE-2019-15992
Redhat
No data.