Details of VAR-201910-0361

ID

VAR-201910-0361

CVE

CVE-2019-12688

TITLE

Cisco Firepower Management Center Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097

DESCRIPTION

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. Cisco Firepower Management Center (FMC) Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.71

sources: NVD: CVE-2019-12688 // JVNDB: JVNDB-2019-010486 // VULHUB: VHN-144459

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	eq	version:	6.2.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-010486 // NVD: CVE-2019-12688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12688
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12688
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12688
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-097
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144459
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12688
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144459
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-12688
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-12688
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097 // NVD: CVE-2019-12688 // NVD: CVE-2019-12688

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // NVD: CVE-2019-12688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-097

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-097

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010486

PATCH

title:	cisco-sa-20191002-fmc-rce	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce	Trust: 0.8
title:	Cisco Firepower Management Center Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98833	Trust: 0.6

sources: JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12688	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010486	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-097	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3699.2	Trust: 0.6
db:	VULHUB	id:	VHN-144459	Trust: 0.1

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097 // NVD: CVE-2019-12688

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12688	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12688	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3699.2/	Trust: 0.6

sources: VULHUB: VHN-144459 // JVNDB: JVNDB-2019-010486 // CNNVD: CNNVD-201910-097 // NVD: CVE-2019-12688

SOURCES

db:	VULHUB	id:	VHN-144459
db:	JVNDB	id:	JVNDB-2019-010486
db:	CNNVD	id:	CNNVD-201910-097
db:	NVD	id:	CVE-2019-12688

LAST UPDATE DATE

2024-08-14T13:44:43.710000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144459	date:	2020-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-010486	date:	2019-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201910-097	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-12688	date:	2020-10-08T14:04:02.317

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144459	date:	2019-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-010486	date:	2019-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201910-097	date:	2019-10-02T00:00:00
db:	NVD	id:	CVE-2019-12688	date:	2019-10-02T19:15:13.077