How severe is CVE-2019-1934?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2019-1934?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2019-1934 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login.

Related Vulnerabilities

CVE-2016-1710

HIGH

CVSS:8.8(High)

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which ...

CWE-2852016

CVE-2016-1711

HIGH

CVSS:8.8(High)

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows r...

CWE-2852016

CVE-2016-3352

HIGH

CVSS:8.8(High)

Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via...

CWE-2852016

CVE-2016-7071

HIGH

CVSS:8.8(High)

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbi...

CWE-2852016

CVE-2016-9217

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. Mor...

CWE-2852016

CVE-2017-0926

HIGH

CVSS:8.8(High)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

CWE-2852017