Sign-up

ID

VAR-201905-0582


CVE

CVE-2019-1699


TITLE

Cisco Firepower Threat Defense In software OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003889

DESCRIPTION

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. This issue being tracked by Cisco Bug IDs CSCvm14217, CSCvn33026. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data

Trust: 2.07

sources: NVD: CVE-2019-1699 // JVNDB: JVNDB-2019-003889 // BID: 108135 // VULHUB: VHN-149191 // VULMON: CVE-2019-1699

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:ltversion:6.2.3.12

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.0.1

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.3

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3.6

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 0.3

vendor:ciscomodel:firepower threat defense softwarescope:neversion:6.2.3.12

Trust: 0.3

sources: BID: 108135 // JVNDB: JVNDB-2019-003889 // NVD: CVE-2019-1699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1699
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1699
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1699
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-010
value: HIGH

Trust: 0.6

VULHUB: VHN-149191
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1699
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1699
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149191
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1699
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149191 // VULMON: CVE-2019-1699 // JVNDB: JVNDB-2019-003889 // CNNVD: CNNVD-201905-010 // NVD: CVE-2019-1699 // NVD: CVE-2019-1699

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-149191 // JVNDB: JVNDB-2019-003889 // NVD: CVE-2019-1699

THREAT TYPE

local

Trust: 0.9

sources: BID: 108135 // CNNVD: CNNVD-201905-010

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-010

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003889

PATCH
title:cisco-sa-20190501-ftd-cmd-injecturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-ftd-cmd-inject
Trust: 0.8
title:Cisco Firepower Threat Defense Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92161
Trust: 0.6
title:Cisco: Cisco Firepower Threat Defense Software Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190501-ftd-cmd-inject
Trust: 0.1
title: - url:https://github.com/ExpLangcn/FuYao-Go 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-1699 // 
            
            
            
            JVNDB: JVNDB-2019-003889 // 
            
            
            
            CNNVD: CNNVD-201905-010

EXTERNAL IDS
db:NVDid:CVE-2019-1699
Trust: 2.9
db:BIDid:108135
Trust: 1.0
db:JVNDBid:JVNDB-2019-003889
Trust: 0.8
db:CNNVDid:CNNVD-201905-010
Trust: 0.7
db:AUSCERTid:ESB-2019.1516
Trust: 0.6
db:VULHUBid:VHN-149191
Trust: 0.1
db:VULMONid:CVE-2019-1699
Trust: 0.1
sources:
            
            
            VULHUB: VHN-149191 // 
            
            
            
            VULMON: CVE-2019-1699 // 
            
            
            
            BID: 108135 // 
            
            
            
            JVNDB: JVNDB-2019-003889 // 
            
            
            
            CNNVD: CNNVD-201905-010 // 
            
            
            
            NVD: CVE-2019-1699

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-ftd-cmd-inject
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1699
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1699
Trust: 0.8
url:https://www.auscert.org.au/bulletins/80106
Trust: 0.6
url:https://www.securityfocus.com/bid/108135
Trust: 0.6
sources:
            
            
            VULHUB: VHN-149191 // 
            
            
            
            BID: 108135 // 
            
            
            
            JVNDB: JVNDB-2019-003889 // 
            
            
            
            CNNVD: CNNVD-201905-010 // 
            
            
            
            NVD: CVE-2019-1699

CREDITS
Lubomir Vesely of Tower Street .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-010

SOURCES
db:VULHUBid:VHN-149191
db:VULMONid:CVE-2019-1699
db:BIDid:108135
db:JVNDBid:JVNDB-2019-003889
db:CNNVDid:CNNVD-201905-010
db:NVDid:CVE-2019-1699

LAST UPDATE DATE
2024-08-14T13:45:04.799000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-149191date:2019-10-09T00:00:00
db:VULMONid:CVE-2019-1699date:2019-10-09T00:00:00
db:BIDid:108135date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003889date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-010date:2019-05-14T00:00:00
db:NVDid:CVE-2019-1699date:2019-10-09T23:47:45.533

SOURCES RELEASE DATE
db:VULHUBid:VHN-149191date:2019-05-03T00:00:00
db:VULMONid:CVE-2019-1699date:2019-05-03T00:00:00
db:BIDid:108135date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003889date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-010date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1699date:2019-05-03T16:29:00.303