ID

VAR-201910-0359


CVE

CVE-2019-12686


TITLE

Cisco Firepower Management Center In software SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010339

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.71

sources: NVD: CVE-2019-12686 // JVNDB: JVNDB-2019-010339 // VULHUB: VHN-144457

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.3.0

Trust: 1.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 1.6

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12686
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12686
value: HIGH

Trust: 1.0

NVD: CVE-2019-12686
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-094
value: HIGH

Trust: 0.6

VULHUB: VHN-144457
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12686
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144457
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12686
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12686
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686 // NVD: CVE-2019-12686

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // NVD: CVE-2019-12686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-094

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010339

PATCH

title:cisco-sa-20191002-fmc-sql-injurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj

Trust: 0.8

title:Cisco Firepower Management Center SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98830

Trust: 0.6

sources: JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094

EXTERNAL IDS

db:NVDid:CVE-2019-12686

Trust: 2.5

db:JVNDBid:JVNDB-2019-010339

Trust: 0.8

db:CNNVDid:CNNVD-201910-094

Trust: 0.7

db:AUSCERTid:ESB-2019.3699.2

Trust: 0.6

db:VULHUBid:VHN-144457

Trust: 0.1

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12686

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12686

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/

Trust: 0.6

sources: VULHUB: VHN-144457 // JVNDB: JVNDB-2019-010339 // CNNVD: CNNVD-201910-094 // NVD: CVE-2019-12686

SOURCES

db:VULHUBid:VHN-144457
db:JVNDBid:JVNDB-2019-010339
db:CNNVDid:CNNVD-201910-094
db:NVDid:CVE-2019-12686

LAST UPDATE DATE

2024-08-14T13:44:43.488000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144457date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010339date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-094date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12686date:2019-10-09T23:46:05.123

SOURCES RELEASE DATE

db:VULHUBid:VHN-144457date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010339date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-094date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12686date:2019-10-02T19:15:12.953