A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2019-11-12T00:00:00
Updated: 2020-09-23T00:27:04
Reserved: 2019-09-06T00:00:00
Link: CVE-2019-15992
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-23T01:15:13.333
Modified: 2023-08-16T16:18:07.767
Link: CVE-2019-15992
JSON object: View
Redhat Information
No data.