ID

VAR-201908-0276


CVE

CVE-2019-12627


TITLE

Cisco Firepower Threat Defense Software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008633

DESCRIPTION

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data

Trust: 1.71

sources: NVD: CVE-2019-12627 // JVNDB: JVNDB-2019-008633 // VULHUB: VHN-144392

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.4

Trust: 1.0

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008633 // NVD: CVE-2019-12627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12627
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12627
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12627
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-1650
value: HIGH

Trust: 0.6

VULHUB: VHN-144392
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12627
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144392
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12627
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12627
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-12627
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650 // NVD: CVE-2019-12627 // NVD: CVE-2019-12627

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // NVD: CVE-2019-12627

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1650

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-1650

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008633

PATCH

title:cisco-sa-20190821-frpwr-td-infourl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info

Trust: 0.8

title:Cisco Firepower Threat Defense Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97262

Trust: 0.6

sources: JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650

EXTERNAL IDS

db:NVDid:CVE-2019-12627

Trust: 2.5

db:JVNDBid:JVNDB-2019-008633

Trust: 0.8

db:CNNVDid:CNNVD-201908-1650

Trust: 0.7

db:AUSCERTid:ESB-2019.3199

Trust: 0.6

db:VULHUBid:VHN-144392

Trust: 0.1

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650 // NVD: CVE-2019-12627

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-frpwr-td-info

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12627

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12627

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3199/

Trust: 0.6

sources: VULHUB: VHN-144392 // JVNDB: JVNDB-2019-008633 // CNNVD: CNNVD-201908-1650 // NVD: CVE-2019-12627

CREDITS

Andrew Taylor of West Monroe Partners .

Trust: 0.6

sources: CNNVD: CNNVD-201908-1650

SOURCES

db:VULHUBid:VHN-144392
db:JVNDBid:JVNDB-2019-008633
db:CNNVDid:CNNVD-201908-1650
db:NVDid:CVE-2019-12627

LAST UPDATE DATE

2024-11-23T22:58:37.238000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144392date:2020-10-08T00:00:00
db:JVNDBid:JVNDB-2019-008633date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1650date:2020-10-09T00:00:00
db:NVDid:CVE-2019-12627date:2024-11-21T04:23:13.203

SOURCES RELEASE DATE

db:VULHUBid:VHN-144392date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008633date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1650date:2019-08-21T00:00:00
db:NVDid:CVE-2019-12627date:2019-08-21T19:15:13.293