How severe is CVE-2019-15992?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2019-15992?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2019-15992 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.

Related Vulnerabilities

CVE-2016-6115

HIGH

CVSS:7.2(High)

IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the ...

CWE-1192016

CVE-2016-7820

HIGH

CVSS:7.2(High)

Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-servi...

CWE-1192016

CVE-2016-8998

HIGH

CVSS:7.2(High)

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on t...

CWE-1192016

CVE-2017-2276

HIGH

CVSS:7.2(High)

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

CWE-1192017

CVE-2017-5712

HIGH

CVSS:7.2(High)

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to exec...

CWE-1192017

CVE-2018-0632

HIGH

CVSS:7.2(High)

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.

CWE-1192018