Sign-up

ID

VAR-201910-0354


CVE

CVE-2019-12681


TITLE

Cisco Firepower Management Center In software SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010348

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. The following products and versions are affected: Cisco FMC Release 6.0.0, Release 6.2.0, Release 6.2.1, Release 6.2.2

Trust: 1.71

sources: NVD: CVE-2019-12681 // JVNDB: JVNDB-2019-010348 // VULHUB: VHN-144452

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 1.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0

Trust: 1.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.1

Trust: 1.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.0.0

Trust: 1.6

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010348 // CNNVD: CNNVD-201910-086 // NVD: CVE-2019-12681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12681
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12681
value: HIGH

Trust: 1.0

NVD: CVE-2019-12681
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-086
value: HIGH

Trust: 0.6

VULHUB: VHN-144452
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12681
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144452
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12681
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12681
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144452 // JVNDB: JVNDB-2019-010348 // CNNVD: CNNVD-201910-086 // NVD: CVE-2019-12681 // NVD: CVE-2019-12681

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-144452 // JVNDB: JVNDB-2019-010348 // NVD: CVE-2019-12681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-086

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010348

PATCH
title:cisco-sa-20191002-fmc-sql-injurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj
Trust: 0.8
title:Cisco Firepower Management Center SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98822
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010348 // 
            
            
            
            CNNVD: CNNVD-201910-086

EXTERNAL IDS
db:NVDid:CVE-2019-12681
Trust: 2.5
db:JVNDBid:JVNDB-2019-010348
Trust: 0.8
db:CNNVDid:CNNVD-201910-086
Trust: 0.7
db:AUSCERTid:ESB-2019.3699.2
Trust: 0.6
db:VULHUBid:VHN-144452
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144452 // 
            
            
            
            JVNDB: JVNDB-2019-010348 // 
            
            
            
            CNNVD: CNNVD-201910-086 // 
            
            
            
            NVD: CVE-2019-12681

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12681
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12681
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144452 // 
            
            
            
            JVNDB: JVNDB-2019-010348 // 
            
            
            
            CNNVD: CNNVD-201910-086 // 
            
            
            
            NVD: CVE-2019-12681

SOURCES
db:VULHUBid:VHN-144452
db:JVNDBid:JVNDB-2019-010348
db:CNNVDid:CNNVD-201910-086
db:NVDid:CVE-2019-12681

LAST UPDATE DATE
2024-08-14T13:44:43.761000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144452date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010348date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-086date:2019-11-05T00:00:00
db:NVDid:CVE-2019-12681date:2019-10-09T23:46:04.420

SOURCES RELEASE DATE
db:VULHUBid:VHN-144452date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010348date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-086date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12681date:2019-10-02T19:15:12.577