Sign-up

ID

VAR-201910-0360


CVE

CVE-2019-12687


TITLE

Cisco Firepower Management Center Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-010489 // CNNVD: CNNVD-201910-095

DESCRIPTION

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. Cisco Firepower Management Center (FMC) Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.8

sources: NVD: CVE-2019-12687 // JVNDB: JVNDB-2019-010489 // VULHUB: VHN-144458 // VULMON: CVE-2019-12687

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010489 // NVD: CVE-2019-12687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12687
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12687
value: HIGH

Trust: 1.0

NVD: CVE-2019-12687
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-095
value: HIGH

Trust: 0.6

VULHUB: VHN-144458
value: HIGH

Trust: 0.1

VULMON: CVE-2019-12687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12687
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-144458
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12687
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12687
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144458 // VULMON: CVE-2019-12687 // JVNDB: JVNDB-2019-010489 // CNNVD: CNNVD-201910-095 // NVD: CVE-2019-12687 // NVD: CVE-2019-12687

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-144458 // JVNDB: JVNDB-2019-010489 // NVD: CVE-2019-12687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-095

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-095

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010489

PATCH
title:cisco-sa-20191002-fmc-rceurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce
Trust: 0.8
title:Cisco Firepower Management Center Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98831
Trust: 0.6
title:The Registerurl:https://www.theregister.co.uk/2019/10/04/cisco_patches/
Trust: 0.2
title:Cisco: Cisco Firepower Management Center Remote Code Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20191002-fmc-rce
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-12687 // 
            
            
            
            JVNDB: JVNDB-2019-010489 // 
            
            
            
            CNNVD: CNNVD-201910-095

EXTERNAL IDS
db:NVDid:CVE-2019-12687
Trust: 2.6
db:JVNDBid:JVNDB-2019-010489
Trust: 0.8
db:CNNVDid:CNNVD-201910-095
Trust: 0.7
db:AUSCERTid:ESB-2019.3699.2
Trust: 0.6
db:VULHUBid:VHN-144458
Trust: 0.1
db:VULMONid:CVE-2019-12687
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144458 // 
            
            
            
            VULMON: CVE-2019-12687 // 
            
            
            
            JVNDB: JVNDB-2019-010489 // 
            
            
            
            CNNVD: CNNVD-201910-095 // 
            
            
            
            NVD: CVE-2019-12687

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-12687
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12687
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144458 // 
            
            
            
            VULMON: CVE-2019-12687 // 
            
            
            
            JVNDB: JVNDB-2019-010489 // 
            
            
            
            CNNVD: CNNVD-201910-095 // 
            
            
            
            NVD: CVE-2019-12687

SOURCES
db:VULHUBid:VHN-144458
db:VULMONid:CVE-2019-12687
db:JVNDBid:JVNDB-2019-010489
db:CNNVDid:CNNVD-201910-095
db:NVDid:CVE-2019-12687

LAST UPDATE DATE
2024-08-14T13:44:43.516000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144458date:2020-10-08T00:00:00
db:VULMONid:CVE-2019-12687date:2020-10-08T00:00:00
db:JVNDBid:JVNDB-2019-010489date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-095date:2020-10-09T00:00:00
db:NVDid:CVE-2019-12687date:2020-10-08T14:04:15.643

SOURCES RELEASE DATE
db:VULHUBid:VHN-144458date:2019-10-02T00:00:00
db:VULMONid:CVE-2019-12687date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010489date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-095date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12687date:2019-10-02T19:15:13.017