Sign-up

ID

VAR-201910-0363


CVE

CVE-2019-12690


TITLE

Cisco Firepower Management Center In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010484

DESCRIPTION

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco

Trust: 1.71

sources: NVD: CVE-2019-12690 // JVNDB: JVNDB-2019-010484 // VULHUB: VHN-144462

AFFECTED PRODUCTS

vendor:ciscomodel:firepower management centerscope:ltversion:6.3.0.5

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:ltversion:6.4.0.4

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:gteversion:6.4.0

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.11

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.10

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.8

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.1

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.3

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.9

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.2

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.5

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:2.9.12.4

Trust: 0.6

sources: JVNDB: JVNDB-2019-010484 // CNNVD: CNNVD-201910-099 // NVD: CVE-2019-12690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12690
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12690
value: HIGH

Trust: 1.0

NVD: CVE-2019-12690
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-099
value: HIGH

Trust: 0.6

VULHUB: VHN-144462
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12690
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144462
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12690
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12690
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144462 // JVNDB: JVNDB-2019-010484 // CNNVD: CNNVD-201910-099 // NVD: CVE-2019-12690 // NVD: CVE-2019-12690

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-144462 // JVNDB: JVNDB-2019-010484 // NVD: CVE-2019-12690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-099

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-099

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010484

PATCH
title:cisco-sa-20191002-fmc-com-injurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj
Trust: 0.8
title:Cisco Firepower Management Center Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98835
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010484 // 
            
            
            
            CNNVD: CNNVD-201910-099

EXTERNAL IDS
db:NVDid:CVE-2019-12690
Trust: 2.5
db:JVNDBid:JVNDB-2019-010484
Trust: 0.8
db:CNNVDid:CNNVD-201910-099
Trust: 0.7
db:AUSCERTid:ESB-2019.3699.2
Trust: 0.6
db:VULHUBid:VHN-144462
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144462 // 
            
            
            
            JVNDB: JVNDB-2019-010484 // 
            
            
            
            CNNVD: CNNVD-201910-099 // 
            
            
            
            NVD: CVE-2019-12690

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-com-inj
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12690
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12690
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fire-bypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-sql-inj
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-rce-12689
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fmc-dir-trav
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3699.2/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144462 // 
            
            
            
            JVNDB: JVNDB-2019-010484 // 
            
            
            
            CNNVD: CNNVD-201910-099 // 
            
            
            
            NVD: CVE-2019-12690

SOURCES
db:VULHUBid:VHN-144462
db:JVNDBid:JVNDB-2019-010484
db:CNNVDid:CNNVD-201910-099
db:NVDid:CVE-2019-12690

LAST UPDATE DATE
2024-08-14T13:44:43.735000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144462date:2019-10-10T00:00:00
db:JVNDBid:JVNDB-2019-010484date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-099date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12690date:2019-10-10T17:17:05.330

SOURCES RELEASE DATE
db:VULHUBid:VHN-144462date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010484date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-099date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12690date:2019-10-02T19:15:13.203