Details of VAR-201910-0359

ID

VAR-201910-0359

CVE

CVE-2019-12686

TITLE

Cisco Firepower Management Center In software SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010339

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.71

sources: NVD: CVE-2019-12686 // JVNDB: JVNDB-2019-010339 // VULHUB: VHN-144457

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.3.0	Trust: 1.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.3	Trust: 1.6
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12686
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12686
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12686
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-094
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144457
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12686
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144457
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-12686
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-12686
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686 // NVD: CVE-2019-12686

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // NVD: CVE-2019-12686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-094

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010339

PATCH

title:	cisco-sa-20191002-fmc-sql-inj	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj	Trust: 0.8
title:	Cisco Firepower Management Center SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98830	Trust: 0.6

sources: JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12686	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010339	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-094	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3699.2	Trust: 0.6
db:	VULHUB	id:	VHN-144457	Trust: 0.1

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12686	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12686	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3699.2/	Trust: 0.6

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686

SOURCES

db:	VULHUB	id:	VHN-144457
db:	JVNDB	id:	JVNDB-2019-010339
db:	CNNVD	id:	CNNVD-201910-094
db:	NVD	id:	CVE-2019-12686

LAST UPDATE DATE

2024-08-14T13:44:43.488000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144457	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-010339	date:	2019-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201910-094	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-12686	date:	2019-10-09T23:46:05.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144457	date:	2019-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-010339	date:	2019-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201910-094	date:	2019-10-02T00:00:00
db:	NVD	id:	CVE-2019-12686	date:	2019-10-02T19:15:12.953