ID

VAR-201910-0366


CVE

CVE-2019-12694


TITLE

Cisco Firepower Threat Defense Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010481

DESCRIPTION

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Cisco Firepower Threat Defense (FTD) Software contains an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2019-12694 // JVNDB: JVNDB-2019-010481 // VULHUB: VHN-144466

AFFECTED PRODUCTS

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.3.0.5

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.4.0.4

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.4.0

Trust: 1.0

vendor: cisco, model: firepower threat defense software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.0

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.1

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 5.3.0

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 5.4.0

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.1.3

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.1.2

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.0.1

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.1.1

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-010481 // CNNVD: CNNVD-201910-092 // NVD: CVE-2019-12694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12694
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12694
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12694
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-092
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144466
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12694
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144466
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12694
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12694
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144466 // JVNDB: JVNDB-2019-010481 // CNNVD: CNNVD-201910-092 // NVD: CVE-2019-12694 // NVD: CVE-2019-12694

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-144466 // JVNDB: JVNDB-2019-010481 // NVD: CVE-2019-12694

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-092

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-092

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010481

PATCH

title: cisco-sa-20191002-ftd-cmdinj, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-cmdinj

Trust: 0.8

title: Fix for the Cisco Firepower Threat Defense input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98828

Trust: 0.6

sources: JVNDB: JVNDB-2019-010481 // CNNVD: CNNVD-201910-092

EXTERNAL IDS

db: NVD, id: CVE-2019-12694

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010481

Trust: 0.8

db: CNNVD, id: CNNVD-201910-092

Trust: 0.7

db: AUSCERT, id: ESB-2019.3708

Trust: 0.6

db: VULHUB, id: VHN-144466

Trust: 0.1

sources: VULHUB: VHN-144466 // JVNDB: JVNDB-2019-010481 // CNNVD: CNNVD-201910-092 // NVD: CVE-2019-12694

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ftd-cmdinj

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12694

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12694

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ftd-container-esc

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3708/

Trust: 0.6

sources: VULHUB: VHN-144466 // JVNDB: JVNDB-2019-010481 // CNNVD: CNNVD-201910-092 // NVD: CVE-2019-12694

SOURCES

db: VULHUB, id: VHN-144466
db: JVNDB, id: JVNDB-2019-010481
db: CNNVD, id: CNNVD-201910-092
db: NVD, id: CVE-2019-12694

LAST UPDATE DATE

2024-08-14T13:55:07.662000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144466, date: 2019-10-10T00:00:00
db: JVNDB, id: JVNDB-2019-010481, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-092, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-12694, date: 2019-10-10T16:57:02.447

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144466, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010481, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-092, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-12694, date: 2019-10-02T19:15:13.390