Sign-up

ID

VAR-201910-0338


CVE

CVE-2019-12701


TITLE

Cisco Firepower Management Center Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010446

DESCRIPTION

A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software insufficiently validates incoming traffic. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to bypass the file and malware inspection policies and send malicious traffic through the affected device. Cisco Firepower Management Center (FMC) The software contains an input validation vulnerability.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2019-12701 // JVNDB: JVNDB-2019-010446 // VULHUB: VHN-144474

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:vdb fingerprint databasescope:ltversion:327

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:vdb fingerprint databasescope: - version: -

Trust: 0.8

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:300

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:292

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:297

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:291

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:298

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:299

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:294

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion: -

Trust: 0.6

vendor:ciscomodel:vdb fingerprint databasescope:eqversion:290

Trust: 0.6

sources: JVNDB: JVNDB-2019-010446 // CNNVD: CNNVD-201910-105 // NVD: CVE-2019-12701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12701
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12701
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12701
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-105
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144474
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12701
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12701
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12701
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144474 // JVNDB: JVNDB-2019-010446 // CNNVD: CNNVD-201910-105 // NVD: CVE-2019-12701 // NVD: CVE-2019-12701

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-144474 // JVNDB: JVNDB-2019-010446 // NVD: CVE-2019-12701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-105

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-105

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010446

PATCH
title:cisco-sa-20191002-fire-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fire-bypass
Trust: 0.8
title:Cisco Firepower Management Center Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98841
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010446 // 
            
            
            
            CNNVD: CNNVD-201910-105

EXTERNAL IDS
db:NVDid:CVE-2019-12701
Trust: 2.5
db:JVNDBid:JVNDB-2019-010446
Trust: 0.8
db:CNNVDid:CNNVD-201910-105
Trust: 0.7
db:AUSCERTid:ESB-2019.3699.2
Trust: 0.6
db:VULHUBid:VHN-144474
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144474 // 
            
            
            
            JVNDB: JVNDB-2019-010446 // 
            
            
            
            CNNVD: CNNVD-201910-105 // 
            
            
            
            NVD: CVE-2019-12701

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12701
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12701
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144474 // 
            
            
            
            JVNDB: JVNDB-2019-010446 // 
            
            
            
            CNNVD: CNNVD-201910-105 // 
            
            
            
            NVD: CVE-2019-12701

SOURCES
db:VULHUBid:VHN-144474
db:JVNDBid:JVNDB-2019-010446
db:CNNVDid:CNNVD-201910-105
db:NVDid:CVE-2019-12701

LAST UPDATE DATE
2024-08-14T13:44:43.605000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144474date:2019-10-10T00:00:00
db:JVNDBid:JVNDB-2019-010446date:2019-10-15T00:00:00
db:CNNVDid:CNNVD-201910-105date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12701date:2019-10-10T19:45:20.453

SOURCES RELEASE DATE
db:VULHUBid:VHN-144474date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010446date:2019-10-15T00:00:00
db:CNNVDid:CNNVD-201910-105date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12701date:2019-10-02T19:15:13.890