Sign-up

ID

VAR-201905-0238


CVE

CVE-2019-1709


TITLE

Cisco Firepower Threat Defense In software OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003887

DESCRIPTION

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. This issue is being tracked by Cisco Bug ID CSCvm14267. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data

Trust: 1.98

sources: NVD: CVE-2019-1709 // JVNDB: JVNDB-2019-003887 // BID: 108156 // VULHUB: VHN-149301

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.2

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.1

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.3

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.1

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:eqversion:6.1.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.0.1

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:neversion:6.2.3.12

Trust: 0.3

sources: BID: 108156 // JVNDB: JVNDB-2019-003887 // NVD: CVE-2019-1709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1709
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1709
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1709
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-009
value: HIGH

Trust: 0.6

VULHUB: VHN-149301
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1709
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149301
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1709
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1709
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149301 // JVNDB: JVNDB-2019-003887 // CNNVD: CNNVD-201905-009 // NVD: CVE-2019-1709 // NVD: CVE-2019-1709

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

problemtype:CWE-77

Trust: 0.1

sources: VULHUB: VHN-149301 // JVNDB: JVNDB-2019-003887 // NVD: CVE-2019-1709

THREAT TYPE

local

Trust: 0.9

sources: BID: 108156 // CNNVD: CNNVD-201905-009

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-009

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003887

PATCH
title:cisco-sa-20190501-frpwr-cmd-injurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-cmd-inj
Trust: 0.8
title:Cisco Firepower Threat Defense Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92160
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003887 // 
            
            
            
            CNNVD: CNNVD-201905-009

EXTERNAL IDS
db:NVDid:CVE-2019-1709
Trust: 2.8
db:BIDid:108156
Trust: 2.0
db:JVNDBid:JVNDB-2019-003887
Trust: 0.8
db:CNNVDid:CNNVD-201905-009
Trust: 0.7
db:AUSCERTid:ESB-2019.1516
Trust: 0.6
db:VULHUBid:VHN-149301
Trust: 0.1
sources:
            
            
            VULHUB: VHN-149301 // 
            
            
            
            BID: 108156 // 
            
            
            
            JVNDB: JVNDB-2019-003887 // 
            
            
            
            CNNVD: CNNVD-201905-009 // 
            
            
            
            NVD: CVE-2019-1709

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-frpwr-cmd-inj
Trust: 2.6
url:http://www.securityfocus.com/bid/108156
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-1709
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1709
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-ftd-cmd-inject
Trust: 0.6
url:https://www.auscert.org.au/bulletins/80106
Trust: 0.6
sources:
            
            
            VULHUB: VHN-149301 // 
            
            
            
            BID: 108156 // 
            
            
            
            JVNDB: JVNDB-2019-003887 // 
            
            
            
            CNNVD: CNNVD-201905-009 // 
            
            
            
            NVD: CVE-2019-1709

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 108156 // 
            
            
            
            CNNVD: CNNVD-201905-009

SOURCES
db:VULHUBid:VHN-149301
db:BIDid:108156
db:JVNDBid:JVNDB-2019-003887
db:CNNVDid:CNNVD-201905-009
db:NVDid:CVE-2019-1709

LAST UPDATE DATE
2024-08-14T13:45:04.895000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-149301date:2019-10-09T00:00:00
db:BIDid:108156date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003887date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-009date:2019-05-14T00:00:00
db:NVDid:CVE-2019-1709date:2019-10-09T23:47:47.253

SOURCES RELEASE DATE
db:VULHUBid:VHN-149301date:2019-05-03T00:00:00
db:BIDid:108156date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003887date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-009date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1709date:2019-05-03T16:29:00.740