Details of VAR-201910-0362

ID

VAR-201910-0362

CVE

CVE-2019-12689

TITLE

Cisco Firepower Management Center Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010485

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.71

sources: NVD: CVE-2019-12689 // JVNDB: JVNDB-2019-010485 // VULHUB: VHN-144460

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	lt	version:	6.2.2.2	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.11	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.10	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.8	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.1	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.3	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.9	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.2	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.5	Trust: 0.6
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.12.4	Trust: 0.6

sources: JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12689
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12689
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12689
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-098
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144460
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12689
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-144460
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12689
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12689
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2019-12689
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689 // NVD: CVE-2019-12689

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // NVD: CVE-2019-12689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-098

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-098

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010485

PATCH

title:	cisco-sa-20191002-fmc-rce-12689	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689	Trust: 0.8
title:	Cisco Firepower Management Center Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98834	Trust: 0.6

sources: JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12689	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010485	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-098	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3699.2	Trust: 0.6
db:	VULHUB	id:	VHN-144460	Trust: 0.1

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12689	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12689	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3699.2/	Trust: 0.6

sources: VULHUB: VHN-144460 // JVNDB: JVNDB-2019-010485 // CNNVD: CNNVD-201910-098 // NVD: CVE-2019-12689

SOURCES

db:	VULHUB	id:	VHN-144460
db:	JVNDB	id:	JVNDB-2019-010485
db:	CNNVD	id:	CNNVD-201910-098
db:	NVD	id:	CVE-2019-12689

LAST UPDATE DATE

2024-08-14T13:44:43.684000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-144460	date:	2019-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-010485	date:	2019-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201910-098	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-12689	date:	2019-10-10T17:23:37.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-144460	date:	2019-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-010485	date:	2019-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201910-098	date:	2019-10-02T00:00:00
db:	NVD	id:	CVE-2019-12689	date:	2019-10-02T19:15:13.140