ID

VAR-201910-0371


CVE

CVE-2019-12699


TITLE

Cisco FXOS and Firepower Threat Defense Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010471

DESCRIPTION

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Cisco FXOS and Firepower Threat Defense (FTD) The software contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An input validation error vulnerability exists in the CLI in Cisco FXOS Software and Cisco FTD. The following products and versions are affected: Cisco Firepower 1000 Series Appliances; Cisco Firepower 2100 Series Appliances; Cisco Firepower 4100 Series Appliances; Cisco Firepower 9300 Series Appliances

Trust: 1.71

sources: NVD: CVE-2019-12699 // JVNDB: JVNDB-2019-010471 // VULHUB: VHN-144471

AFFECTED PRODUCTS

vendor:ciscomodel:firepower 9300scope:eqversion:2.4\(1.214\)

Trust: 1.0

vendor:ciscomodel:firepower 9300scope:eqversion:2.4\(2.54\)

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.3.1.155

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.2.0

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.4

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.4.1.238

Trust: 1.0

vendor:ciscomodel:firepower 9300scope:eqversion:r241

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.3.0.3

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:lteversion:6.1.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.2.3.14

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.3.0

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.3

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.2.2.101

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.0

Trust: 1.0

vendor:ciscomodel:firepower 9300scope:eqversion:2.4\(1.216\)

Trust: 1.0

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower 9300scope: - version: -

Trust: 0.8

vendor:ciscomodel:fx-osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010471 // NVD: CVE-2019-12699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12699
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12699
value: HIGH

Trust: 1.0

NVD: CVE-2019-12699
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-090
value: HIGH

Trust: 0.6

VULHUB: VHN-144471
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12699
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144471
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12699
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-12699
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090 // NVD: CVE-2019-12699 // NVD: CVE-2019-12699

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // NVD: CVE-2019-12699

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-090

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010471

PATCH

title:cisco-sa-20191002-fxos-cmd-injecturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject

Trust: 0.8

title:Cisco Firepower Threat Defense and Cisco FXOS Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98826

Trust: 0.6

sources: JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090

EXTERNAL IDS

db:NVDid:CVE-2019-12699

Trust: 2.5

db:JVNDBid:JVNDB-2019-010471

Trust: 0.8

db:CNNVDid:CNNVD-201910-090

Trust: 0.7

db:AUSCERTid:ESB-2019.3713

Trust: 0.6

db:VULHUBid:VHN-144471

Trust: 0.1

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090 // NVD: CVE-2019-12699

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-fxos-cmd-inject

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12699

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12699

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3713/

Trust: 0.6

sources: VULHUB: VHN-144471 // JVNDB: JVNDB-2019-010471 // CNNVD: CNNVD-201910-090 // NVD: CVE-2019-12699

SOURCES

db:VULHUBid:VHN-144471
db:JVNDBid:JVNDB-2019-010471
db:CNNVDid:CNNVD-201910-090
db:NVDid:CVE-2019-12699

LAST UPDATE DATE

2024-11-23T22:21:26.270000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-144471date:2020-10-08T00:00:00
db:JVNDBid:JVNDB-2019-010471date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-090date:2020-10-09T00:00:00
db:NVDid:CVE-2019-12699date:2024-11-21T04:23:23.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-144471date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010471date:2019-10-16T00:00:00
db:CNNVDid:CNNVD-201910-090date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12699date:2019-10-02T19:15:13.733