ID

VAR-201910-0362


CVE

CVE-2019-12689


TITLE

Cisco Firepower Management Center Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010485

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device. Cisco Firepower Management Center (FMC) is Cisco's new-generation firewall management center software.

Trust: 1.71

sources: NVD: CVE-2019-12689 // JVNDB: JVNDB-2019-010485 // VULHUB: VHN-144460

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: lt, version: 6.2.2.2

Trust: 1.0

vendor: cisco, model: firepower management center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.11

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.10

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.8

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.12.1

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.12.3

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.9

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.12.2

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.12

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.12.5

Trust: 0.6

vendor: cisco, model: firepower management center, scope: eq, version: 2.9.12.4

Trust: 0.6

sources: JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12689
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12689
value: HIGH

Trust: 1.0

NVD: CVE-2019-12689
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-098
value: HIGH

Trust: 0.6

VULHUB: VHN-144460
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12689
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144460
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12689
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12689
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-12689
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689 // NVD: CVE-2019-12689

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // NVD: CVE-2019-12689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-098

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010485

PATCH

title: cisco-sa-20191002-fmc-rce-12689, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689

Trust: 0.8

title: Cisco Firepower Management Center Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98834

Trust: 0.6

sources: JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098

EXTERNAL IDS

db: NVD, id: CVE-2019-12689

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010485

Trust: 0.8

db: CNNVD, id: CNNVD-201910-098

Trust: 0.7

db: AUSCERT, id: ESB-2019.3699.2

Trust: 0.6

db: VULHUB, id: VHN-144460

Trust: 0.1

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12689

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12689

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/

Trust: 0.6

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689

SOURCES

db: VULHUB, id: VHN-144460
db: JVNDB, id: JVNDB-2019-010485
db: CNNVD, id: CNNVD-201910-098
db: NVD, id: CVE-2019-12689

LAST UPDATE DATE

2024-08-14T13:44:43.684000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144460, date: 2019-10-10T00:00:00
db: JVNDB, id: JVNDB-2019-010485, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-098, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-12689, date: 2019-10-10T17:23:37.067

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144460, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010485, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-098, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-12689, date: 2019-10-02T19:15:13.140