ID

VAR-201910-0361


CVE

CVE-2019-12688


TITLE

Cisco Firepower Management Center Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097

DESCRIPTION

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. Cisco Firepower Management Center (FMC) contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco.

Trust: 1.71

sources: NVD: CVE-2019-12688 // JVNDB: JVNDB-2019-010486 // VULHUB: VHN-144459

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.2

Trust: 1.0

vendor: cisco, model: firepower management center, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010486 // NVD: CVE-2019-12688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12688
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12688
value: HIGH

Trust: 1.0

NVD: CVE-2019-12688
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-097
value: HIGH

Trust: 0.6

VULHUB: VHN-144459
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12688
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144459
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12688
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12688
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097 // NVD: CVE-2019-12688 // NVD: CVE-2019-12688

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // NVD: CVE-2019-12688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-097

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-097

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010486

PATCH

title: cisco-sa-20191002-fmc-rce, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce

Trust: 0.8

title: Cisco Firepower Management Center Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98833

Trust: 0.6

sources: JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097

EXTERNAL IDS

db: NVD, id: CVE-2019-12688

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010486

Trust: 0.8

db: CNNVD, id: CNNVD-201910-097

Trust: 0.7

db: AUSCERT, id: ESB-2019.3699.2

Trust: 0.6

db: VULHUB, id: VHN-144459

Trust: 0.1

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097 // NVD: CVE-2019-12688

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12688

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12688

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/

Trust: 0.6

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097 // NVD: CVE-2019-12688

SOURCES

db: VULHUB, id: VHN-144459
db: JVNDB, id: JVNDB-2019-010486
db: CNNVD, id: CNNVD-201910-097
db: NVD, id: CVE-2019-12688

LAST UPDATE DATE

2024-08-14T13:44:43.710000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144459, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2019-010486, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-097, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-12688, date: 2020-10-08T14:04:02.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144459, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010486, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-097, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-12688, date: 2019-10-02T19:15:13.077