Sign-up

ID

VAR-201910-0366


CVE

CVE-2019-12694


TITLE

Cisco Firepower Threat Defense Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010481

DESCRIPTION

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Cisco Firepower Threat Defense (FTD) The software contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-12694 // JVNDB: JVNDB-2019-010481 // VULHUB: VHN-144466

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.5

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.4

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.4.0

Trust: 1.0

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.0

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.1

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:5.3.0

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:5.4.0

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.1.3

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.1.2

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.0.1

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.0.1.1

Trust: 0.6

vendor:ciscomodel:firepower threat defensescope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-010481 // CNNVD: CNNVD-201910-092 // NVD: CVE-2019-12694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12694
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12694
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12694
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-092
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144466
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12694
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144466
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12694
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12694
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144466 // JVNDB: JVNDB-2019-010481 // CNNVD: CNNVD-201910-092 // NVD: CVE-2019-12694 // NVD: CVE-2019-12694

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-144466 // JVNDB: JVNDB-2019-010481 // NVD: CVE-2019-12694

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-092

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-092

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010481

PATCH
title:cisco-sa-20191002-ftd-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-cmdinj
Trust: 0.8
title:Cisco Firepower Threat Defense Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98828
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010481 // 
            
            
            
            CNNVD: CNNVD-201910-092

EXTERNAL IDS
db:NVDid:CVE-2019-12694
Trust: 2.5
db:JVNDBid:JVNDB-2019-010481
Trust: 0.8
db:CNNVDid:CNNVD-201910-092
Trust: 0.7
db:AUSCERTid:ESB-2019.3708
Trust: 0.6
db:VULHUBid:VHN-144466
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144466 // 
            
            
            
            JVNDB: JVNDB-2019-010481 // 
            
            
            
            CNNVD: CNNVD-201910-092 // 
            
            
            
            NVD: CVE-2019-12694

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ftd-cmdinj
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12694
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12694
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ftd-container-esc
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3708/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144466 // 
            
            
            
            JVNDB: JVNDB-2019-010481 // 
            
            
            
            CNNVD: CNNVD-201910-092 // 
            
            
            
            NVD: CVE-2019-12694

SOURCES
db:VULHUBid:VHN-144466
db:JVNDBid:JVNDB-2019-010481
db:CNNVDid:CNNVD-201910-092
db:NVDid:CVE-2019-12694

LAST UPDATE DATE
2024-08-14T13:55:07.662000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144466date:2019-10-10T00:00:00
db:JVNDBid:JVNDB-2019-010481date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-092date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12694date:2019-10-10T16:57:02.447

SOURCES RELEASE DATE
db:VULHUBid:VHN-144466date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010481date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-092date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12694date:2019-10-02T19:15:13.390