Details of VAR-201908-0276

ID

VAR-201908-0276

CVE

CVE-2019-12627

TITLE

Cisco Firepower Threat Defense Software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008633

DESCRIPTION

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data

Trust: 1.71

sources: NVD: CVE-2019-12627 // JVNDB: JVNDB-2019-008633 // VULHUB: VHN-144392

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008633 // NVD: CVE-2019-12627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12627
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12627
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-12627
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-1650
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144392
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-12627
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144392
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12627
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12627
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0
NVD:	CVE-2019-12627
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650 // NVD: CVE-2019-12627 // NVD: CVE-2019-12627

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.9
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // NVD: CVE-2019-12627

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1650

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-1650

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008633

PATCH

title:	cisco-sa-20190821-frpwr-td-info	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info	Trust: 0.8
title:	Cisco Firepower Threat Defense Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97262	Trust: 0.6

sources: JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12627	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008633	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1650	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3199	Trust: 0.6
db:	VULHUB	id:	VHN-144392	Trust: 0.1

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650 // NVD: CVE-2019-12627

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-frpwr-td-info	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12627	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12627	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3199/	Trust: 0.6

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650 // NVD: CVE-2019-12627

CREDITS

Andrew Taylor of West Monroe Partners .

Trust: 0.6

sources: CNNVD: CNNVD-201908-1650

SOURCES

db:	VULHUB	id:	VHN-144392
db:	JVNDB	id:	JVNDB-2019-008633
db:	CNNVD	id:	CNNVD-201908-1650
db:	NVD	id:	CVE-2019-12627

LAST UPDATE DATE

2024-08-14T15:07:38.102000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144392	date:	2020-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-008633	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1650	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-12627	date:	2020-10-08T14:41:09.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144392	date:	2019-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-008633	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1650	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-12627	date:	2019-08-21T19:15:13.293