ID

VAR-201910-0371


CVE

CVE-2019-12699


TITLE

Cisco FXOS and Firepower Threat Defense Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010471

DESCRIPTION

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Cisco FXOS and Firepower Threat Defense (FTD) software contains an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). An input validation error vulnerability exists in the CLI in Cisco FXOS Software and Cisco FTD. The following products and versions are affected: Cisco Firepower 1000 Series Appliances; Cisco Firepower 2100 Series Appliances; Cisco Firepower 4100 Series Appliances; Cisco Firepower 9300 Series Appliances.

Trust: 1.71

sources: NVD: CVE-2019-12699 // JVNDB: JVNDB-2019-010471 // VULHUB: VHN-144471

AFFECTED PRODUCTS

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.2.2.101

Trust: 1.0

vendor: cisco, model: firepower 9300, scope: eq, version: 2.4(1.216)

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.2.0

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.0

Trust: 1.0

vendor: cisco, model: firepower 9300, scope: eq, version: 2.4(2.54)

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.4

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.4.1.238

Trust: 1.0

vendor: cisco, model: firepower 9300, scope: eq, version: 2.4(1.214)

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.3.0

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.2.3.14

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.3.1.155

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.3.0.3

Trust: 1.0

vendor: cisco, model: firepower 9300, scope: eq, version: r241

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.3

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lte, version: 6.1.0

Trust: 1.0

vendor: cisco, model: firepower threat defense software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: firepower 9300, scope: -, version: -

Trust: 0.8

vendor: cisco, model: fx-os, scope: -, version: -

sources: JVNDB: JVNDB-2019-010471 // NVD: CVE-2019-12699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12699
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12699
value: HIGH

Trust: 1.0

NVD: CVE-2019-12699
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-090
value: HIGH

Trust: 0.6

VULHUB: VHN-144471
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12699
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144471
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12699
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090 // NVD: CVE-2019-12699 // NVD: CVE-2019-12699

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // NVD: CVE-2019-12699

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-090

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010471

PATCH

title: cisco-sa-20191002-fxos-cmd-inject, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject

Trust: 0.8

title: Cisco Firepower Threat Defense and Cisco FXOS Software input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98826

Trust: 0.6

sources: JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090

EXTERNAL IDS

db: NVD, id: CVE-2019-12699

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010471

Trust: 0.8

db: CNNVD, id: CNNVD-201910-090

Trust: 0.7

db: AUSCERT, id: ESB-2019.3713

Trust: 0.6

db: VULHUB, id: VHN-144471

Trust: 0.1

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090 // NVD: CVE-2019-12699

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fxos-cmd-inject

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12699

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12699

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3713/

Trust: 0.6

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090 // NVD: CVE-2019-12699

SOURCES

db: VULHUB, id: VHN-144471
db: JVNDB, id: JVNDB-2019-010471
db: CNNVD, id: CNNVD-201910-090
db: NVD, id: CVE-2019-12699

LAST UPDATE DATE

2024-08-14T13:55:07.582000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144471, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2019-010471, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-090, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-12699, date: 2023-04-20T15:27:48.130

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144471, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010471, date: 2019-10-16T00:00:00
db: CNNVD, id: CNNVD-201910-090, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-12699, date: 2019-10-02T19:15:13.733