A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-09-23T00:27:04.203191Z
Updated: 2024-09-16T18:23:53.279Z
Reserved: 2019-09-06T00:00:00
Link: CVE-2019-15992
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-09-23T01:15:13.333
Modified: 2023-08-16T16:18:07.767
Link: CVE-2019-15992
Redhat
No data.