ID

VAR-201910-0338


CVE

CVE-2019-12701


TITLE

Cisco Firepower Management Center Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010446

DESCRIPTION

A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software insufficiently validates incoming traffic. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to bypass the file and malware inspection policies and send malicious traffic through the affected device. Cisco Firepower Management Center (FMC) Software contains an input validation vulnerability. Information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2019-12701 // JVNDB: JVNDB-2019-010446 // VULHUB: VHN-144474

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: vdb fingerprint database, scope: lt, version: 327

Trust: 1.0

vendor: cisco, model: firepower management center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: vdb fingerprint database, scope: -, version: -

Trust: 0.8

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 300

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 292

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 297

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 291

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 298

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 299

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 294

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: vdb fingerprint database, scope: eq, version: 290

Trust: 0.6

sources: JVNDB: JVNDB-2019-010446 // CNNVD: CNNVD-201910-105 // NVD: CVE-2019-12701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12701
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12701
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12701
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-105
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144474
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12701
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12701
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12701
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144474 // JVNDB: JVNDB-2019-010446 // CNNVD: CNNVD-201910-105 // NVD: CVE-2019-12701 // NVD: CVE-2019-12701

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-144474 // JVNDB: JVNDB-2019-010446 // NVD: CVE-2019-12701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-105

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-105

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010446

PATCH

title: cisco-sa-20191002-fire-bypass, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fire-bypass

Trust: 0.8

title: Fix for Cisco Firepower Management Center input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98841

Trust: 0.6

sources: JVNDB: JVNDB-2019-010446 // CNNVD: CNNVD-201910-105

EXTERNAL IDS

db: NVD, id: CVE-2019-12701

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010446

Trust: 0.8

db: CNNVD, id: CNNVD-201910-105

Trust: 0.7

db: AUSCERT, id: ESB-2019.3699.2

Trust: 0.6

db: VULHUB, id: VHN-144474

Trust: 0.1

sources: VULHUB: VHN-144474 // JVNDB: JVNDB-2019-010446 // CNNVD: CNNVD-201910-105 // NVD: CVE-2019-12701

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12701

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12701

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/

Trust: 0.6

sources: VULHUB: VHN-144474 // JVNDB: JVNDB-2019-010446 // CNNVD: CNNVD-201910-105 // NVD: CVE-2019-12701

SOURCES

db: VULHUB, id: VHN-144474
db: JVNDB, id: JVNDB-2019-010446
db: CNNVD, id: CNNVD-201910-105
db: NVD, id: CVE-2019-12701

LAST UPDATE DATE

2024-08-14T13:44:43.605000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144474, date: 2019-10-10T00:00:00
db: JVNDB, id: JVNDB-2019-010446, date: 2019-10-15T00:00:00
db: CNNVD, id: CNNVD-201910-105, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-12701, date: 2019-10-10T19:45:20.453

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144474, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010446, date: 2019-10-15T00:00:00
db: CNNVD, id: CNNVD-201910-105, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-12701, date: 2019-10-02T19:15:13.890