CVE-2019-1714

CVSS v3 Score: 5.8 (Medium)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.

CVSS: 5.9 (Medium)

IBM Integration Bus, under non-default configurations, could allow a remote user to authenticate without providing valid credentials.

CVSS: 5.9 (Medium)

IBM BigFix Inventory 9.2 does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.

CVSS: 5.9 (Medium)

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker cou...

CVSS: 5.5 (Medium)

IBM BigFix Inventory v9 9.2 stores user credentials in clear text, which can be read by a local user.

CVSS: 5.5 (Medium)

In Arista's MOS (Metamako Operating System) software, which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects:...

CVSS: 6.1 (Medium)

This advisory documents the impact of an internally found vulnerability in the Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is...