ID

VAR-201910-0360


CVE

CVE-2019-12687


TITLE

Cisco Firepower Management Center Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-010489 // CNNVD: CNNVD-201910-095

DESCRIPTION

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. Cisco Firepower Management Center (FMC) contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco.

Trust: 1.8

sources: NVD: CVE-2019-12687 // JVNDB: JVNDB-2019-010489 // VULHUB: VHN-144458 // VULMON: CVE-2019-12687

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.3

Trust: 1.0

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.2

Trust: 1.0

vendor: cisco, model: firepower management center, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010489 // NVD: CVE-2019-12687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12687
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12687
value: HIGH

Trust: 1.0

NVD: CVE-2019-12687
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-095
value: HIGH

Trust: 0.6

VULHUB: VHN-144458
value: HIGH

Trust: 0.1

VULMON: CVE-2019-12687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12687
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-144458
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12687
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12687
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144458 // VULMON: CVE-2019-12687 // JVNDB: JVNDB-2019-010489 // CNNVD: CNNVD-201910-095 // NVD: CVE-2019-12687 // NVD: CVE-2019-12687

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-144458 // JVNDB: JVNDB-2019-010489 // NVD: CVE-2019-12687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-095

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-095

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010489

PATCH

title: cisco-sa-20191002-fmc-rce, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce

Trust: 0.8

title: Cisco Firepower Management Center Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98831

Trust: 0.6

title: The Register, url: https://www.theregister.co.uk/2019/10/04/cisco_patches/

Trust: 0.2

title: Cisco: Cisco Firepower Management Center Remote Code Execution Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20191002-fmc-rce

Trust: 0.1

sources: VULMON: CVE-2019-12687 // JVNDB: JVNDB-2019-010489 // CNNVD: CNNVD-201910-095

EXTERNAL IDS

db: NVD, id: CVE-2019-12687

Trust: 2.6

db: JVNDB, id: JVNDB-2019-010489

Trust: 0.8

db: CNNVD, id: CNNVD-201910-095

Trust: 0.7

db: AUSCERT, id: ESB-2019.3699.2

Trust: 0.6

db: VULHUB, id: VHN-144458

Trust: 0.1

db: VULMON, id: CVE-2019-12687

Trust: 0.1

sources: VULHUB: VHN-144458 // VULMON: CVE-2019-12687 // JVNDB: JVNDB-2019-010489 // CNNVD: CNNVD-201910-095 // NVD: CVE-2019-12687

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-12687

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12687

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-144458 // VULMON: CVE-2019-12687 // JVNDB: JVNDB-2019-010489 // CNNVD: CNNVD-201910-095 // NVD: CVE-2019-12687

SOURCES

db: VULHUB, id: VHN-144458
db: VULMON, id: CVE-2019-12687
db: JVNDB, id: JVNDB-2019-010489
db: CNNVD, id: CNNVD-201910-095
db: NVD, id: CVE-2019-12687

LAST UPDATE DATE

2024-08-14T13:44:43.516000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144458, date: 2020-10-08T00:00:00
db: VULMON, id: CVE-2019-12687, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2019-010489, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-095, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-12687, date: 2020-10-08T14:04:15.643

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144458, date: 2019-10-02T00:00:00
db: VULMON, id: CVE-2019-12687, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010489, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-095, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-12687, date: 2019-10-02T19:15:13.017