ID

VAR-201910-0363


CVE

CVE-2019-12690


TITLE

Cisco Firepower Management Center In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010484

DESCRIPTION

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.71

sources: NVD: CVE-2019-12690 // JVNDB: JVNDB-2019-010484 // VULHUB: VHN-144462

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:ltversion:6.3.0.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:ltversion:6.4.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:gteversion:6.4.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.11

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.10

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.8

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.1

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.3

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.9

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.2

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.5

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.4

Trust: 0.6

sources: JVNDB: JVNDB-2019-010484 // CNNVD: CNNVD-201910-099 // NVD: CVE-2019-12690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12690
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12690
value: HIGH

Trust: 1.0

NVD: CVE-2019-12690
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-099
value: HIGH

Trust: 0.6

VULHUB: VHN-144462
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12690
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144462
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12690
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12690
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144462 // JVNDB: JVNDB-2019-010484 // CNNVD: CNNVD-201910-099 // NVD: CVE-2019-12690 // NVD: CVE-2019-12690

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-144462 // JVNDB: JVNDB-2019-010484 // NVD: CVE-2019-12690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-099

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010484

PATCH

title:cisco-sa-20191002-fmc-com-injurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj

Trust: 0.8

title:Cisco Firepower Management Center Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98835

Trust: 0.6

sources: JVNDB: JVNDB-2019-010484 // CNNVD: CNNVD-201910-099

EXTERNAL IDS

db:NVDid:CVE-2019-12690

Trust: 2.5

db:JVNDBid:JVNDB-2019-010484

Trust: 0.8

db:CNNVDid:CNNVD-201910-099

Trust: 0.7

db:AUSCERTid:ESB-2019.3699.2

Trust: 0.6

db:VULHUBid:VHN-144462

Trust: 0.1

sources: VULHUB: VHN-144462 // JVNDB: JVNDB-2019-010484 // CNNVD: CNNVD-201910-099 // NVD: CVE-2019-12690

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12690

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12690

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/

Trust: 0.6

sources: VULHUB: VHN-144462 // JVNDB: JVNDB-2019-010484 // CNNVD: CNNVD-201910-099 // NVD: CVE-2019-12690

SOURCES

db:VULHUBid:VHN-144462
db:JVNDBid:JVNDB-2019-010484
db:CNNVDid:CNNVD-201910-099
db:NVDid:CVE-2019-12690

LAST UPDATE DATE

2024-08-14T13:44:43.735000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144462date:2019-10-10T00:00:00
db:JVNDBid:JVNDB-2019-010484date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-099date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12690date:2019-10-10T17:17:05.330

SOURCES RELEASE DATE

db:VULHUBid:VHN-144462date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010484date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-099date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12690date:2019-10-02T19:15:13.203