Details of VAR-201910-0358

ID

VAR-201910-0358

CVE

CVE-2019-12685

TITLE

Cisco Firepower Management Center In software SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010344

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.71

sources: NVD: CVE-2019-12685 // JVNDB: JVNDB-2019-010344 // VULHUB: VHN-144456

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2	Trust: 1.6
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-010344 // CNNVD: CNNVD-201910-093 // NVD: CVE-2019-12685

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12685
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12685
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12685
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-093
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144456
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12685
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144456
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-12685
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-12685
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-144456 // JVNDB: JVNDB-2019-010344 // CNNVD: CNNVD-201910-093 // NVD: CVE-2019-12685 // NVD: CVE-2019-12685

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-144456 // JVNDB: JVNDB-2019-010344 // NVD: CVE-2019-12685

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-093

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010344

PATCH

title:	cisco-sa-20191002-fmc-sql-inj	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj	Trust: 0.8
title:	Cisco Firepower Management Center SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98829	Trust: 0.6

sources: JVNDB: JVNDB-2019-010344 // CNNVD: CNNVD-201910-093

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12685	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010344	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-093	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3699.2	Trust: 0.6
db:	VULHUB	id:	VHN-144456	Trust: 0.1

sources: VULHUB: VHN-144456 // JVNDB: JVNDB-2019-010344 // CNNVD: CNNVD-201910-093 // NVD: CVE-2019-12685

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12685	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12685	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3699.2/	Trust: 0.6

sources: VULHUB: VHN-144456 // JVNDB: JVNDB-2019-010344 // CNNVD: CNNVD-201910-093 // NVD: CVE-2019-12685

SOURCES

db:	VULHUB	id:	VHN-144456
db:	JVNDB	id:	JVNDB-2019-010344
db:	CNNVD	id:	CNNVD-201910-093
db:	NVD	id:	CVE-2019-12685

LAST UPDATE DATE

2024-08-14T13:44:39.873000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144456	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-010344	date:	2019-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201910-093	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-12685	date:	2019-10-09T23:46:04.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144456	date:	2019-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-010344	date:	2019-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201910-093	date:	2019-10-02T00:00:00
db:	NVD	id:	CVE-2019-12685	date:	2019-10-02T19:15:12.890