Details of VAR-201910-0337

ID

VAR-201910-0337

CVE

CVE-2019-12700

TITLE

plural Cisco Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010595

DESCRIPTION

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system

Trust: 1.71

sources: NVD: CVE-2019-12700 // JVNDB: JVNDB-2019-010595 // VULHUB: VHN-144473

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	lt	version:	6.2.3.7	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.6.1.131	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	gte	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lte	version:	2.2	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	gte	version:	2.4	Trust: 1.0
vendor:	cisco	model:	firepower 9300	scope:	eq	version:	r114	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.2.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.3.14	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.3.1.155	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	lte	version:	6.1.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.3.7	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	cisco	model:	firepower 9300	scope:	eq	version:	r241	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	gte	version:	2.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lte	version:	6.1.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	lt	version:	6.2.3.14	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower 9300	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	fx-os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-010595 // NVD: CVE-2019-12700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12700
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12700
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12700
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201910-083
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-144473
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-12700
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144473
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12700
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12700
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-12700
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-144473 // JVNDB: JVNDB-2019-010595 // CNNVD: CNNVD-201910-083 // NVD: CVE-2019-12700 // NVD: CVE-2019-12700

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.9
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: VULHUB: VHN-144473 // JVNDB: JVNDB-2019-010595 // NVD: CVE-2019-12700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-083

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-083

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010595

PATCH

title:	cisco-sa-20191002-ftd-fpmc-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos	Trust: 0.8
title:	Cisco Firepower Threat Defense , Cisco Firepower Management Center and FXOS Software Pluggable Authentication Module Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98819	Trust: 0.6

sources: JVNDB: JVNDB-2019-010595 // CNNVD: CNNVD-201910-083

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12700	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010595	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-083	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3712	Trust: 0.6
db:	VULHUB	id:	VHN-144473	Trust: 0.1

sources: VULHUB: VHN-144473 // JVNDB: JVNDB-2019-010595 // CNNVD: CNNVD-201910-083 // NVD: CVE-2019-12700

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ftd-fpmc-dos	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12700	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12700	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3712/	Trust: 0.6

sources: VULHUB: VHN-144473 // JVNDB: JVNDB-2019-010595 // CNNVD: CNNVD-201910-083 // NVD: CVE-2019-12700

CREDITS

This vulnerability was found by Sanmith Prakash of Cisco during internal security testing.

Trust: 0.6

sources: CNNVD: CNNVD-201910-083

SOURCES

db:	VULHUB	id:	VHN-144473
db:	JVNDB	id:	JVNDB-2019-010595
db:	CNNVD	id:	CNNVD-201910-083
db:	NVD	id:	CVE-2019-12700

LAST UPDATE DATE

2024-08-14T15:43:34.737000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144473	date:	2020-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-010595	date:	2019-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201910-083	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-12700	date:	2023-04-20T15:27:48.130

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144473	date:	2019-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-010595	date:	2019-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201910-083	date:	2019-10-02T00:00:00
db:	NVD	id:	CVE-2019-12700	date:	2019-10-02T19:15:13.810