CVE-2019-12699 (GCVE-0-2019-12699)
Vulnerability from cvelistv5 – Published: 2019-10-02 19:06 – Updated: 2024-11-20 17:06
VLAI?
Summary
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Extensible Operating System (FXOS) |
Affected:
unspecified , < n/a
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-12699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:51:10.583231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:06:54.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Extensible Operating System (FXOS)",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T19:06:49",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"
}
],
"source": {
"advisory": "cisco-sa-20191002-fxos-cmd-inject",
"defect": [
[
"CSCvm14277",
"CSCvm14279",
"CSCvm25813",
"CSCvm25894",
"CSCvo42621",
"CSCvo42651",
"CSCvo83496"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-10-02T16:00:00-0700",
"ID": "CVE-2019-12699",
"STATE": "PUBLIC",
"TITLE": "Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Extensible Operating System (FXOS)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"
}
]
},
"source": {
"advisory": "cisco-sa-20191002-fxos-cmd-inject",
"defect": [
[
"CSCvm14277",
"CSCvm14279",
"CSCvm25813",
"CSCvm25894",
"CSCvo42621",
"CSCvo42651",
"CSCvo83496"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-12699",
"datePublished": "2019-10-02T19:06:49.219612Z",
"dateReserved": "2019-06-04T00:00:00",
"dateUpdated": "2024-11-20T17:06:54.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\\\(1.214\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"161C90D0-2257-48B6-A77F-D3BDBE129B04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\\\(1.216\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92DD9BE2-301F-4773-8028-CFE376E775FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\\\(2.54\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFA20FE6-2364-43C9-BCD4-720159BD08B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:firepower_9300_firmware:r241:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9204F1F-5094-40F5-88C2-A709E599FFE8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DAFDDA-718B-4B69-A524-B0CEB80FE960\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.1.0\", \"matchCriteriaId\": \"BC5F3455-0918-4F29-987F-376FF74F8CE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndExcluding\": \"6.2.3.14\", \"matchCriteriaId\": \"3C50547D-4EEE-40B2-80F3-DC0059DF5B27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.3.0\", \"versionEndExcluding\": \"6.3.0.3\", \"matchCriteriaId\": \"9A16803C-579C-4992-B37E-7CEC17307659\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6F79864-CA70-4192-AC2C-E174DF3F25B2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D23A26EF-5B43-437C-A962-4FC69D8A0FF4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0\", \"versionEndExcluding\": \"2.2.2.101\", \"matchCriteriaId\": \"E80B3246-5C14-4F5E-B105-DA354CE54E99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3\", \"versionEndExcluding\": \"2.3.1.155\", \"matchCriteriaId\": \"3D69E67A-C3CE-4714-9DFF-6D4FAD4FA3BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4\", \"versionEndExcluding\": \"2.4.1.238\", \"matchCriteriaId\": \"205AC1E3-B978-45B9-A6C2-FDCC7EBB73D4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E9552E6-0B9B-4B32-BE79-90D4E3887A7B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:firepower_9300:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5F3E15A-5407-4C25-97AF-7E53173C6892\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades en la CLI del Software Cisco FXOS y del Software Cisco Firepower Threat Defense (FTD), podr\\u00edan permitir a un atacante local autenticado ejecutar comandos en el sistema operativo (SO) subyacente con privilegios de root. Estas vulnerabilidades son debido a una comprobaci\\u00f3n de entrada insuficiente. Un atacante podr\\u00eda explotar estas vulnerabilidades mediante la incorporaci\\u00f3n de argumentos dise\\u00f1ados en comandos espec\\u00edficos de la CLI. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante ejecutar comandos sobre el sistema operativo subyacente con privilegios de root.\"}]",
"id": "CVE-2019-12699",
"lastModified": "2024-11-21T04:23:23.350",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-10-02T19:15:13.733",
"references": "[{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-12699\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2019-10-02T19:15:13.733\",\"lastModified\":\"2024-11-21T04:23:23.350\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades en la CLI del Software Cisco FXOS y del Software Cisco Firepower Threat Defense (FTD), podr\u00edan permitir a un atacante local autenticado ejecutar comandos en el sistema operativo (SO) subyacente con privilegios de root. Estas vulnerabilidades son debido a una comprobaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar estas vulnerabilidades mediante la incorporaci\u00f3n de argumentos dise\u00f1ados en comandos espec\u00edficos de la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos sobre el sistema operativo subyacente con privilegios de root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\\\(1.214\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"161C90D0-2257-48B6-A77F-D3BDBE129B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\\\(1.216\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92DD9BE2-301F-4773-8028-CFE376E775FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\\\(2.54\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFA20FE6-2364-43C9-BCD4-720159BD08B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_9300_firmware:r241:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9204F1F-5094-40F5-88C2-A709E599FFE8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAFDDA-718B-4B69-A524-B0CEB80FE960\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1.0\",\"matchCriteriaId\":\"BC5F3455-0918-4F29-987F-376FF74F8CE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"6.2.3.14\",\"matchCriteriaId\":\"3C50547D-4EEE-40B2-80F3-DC0059DF5B27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndExcluding\":\"6.3.0.3\",\"matchCriteriaId\":\"9A16803C-579C-4992-B37E-7CEC17307659\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6F79864-CA70-4192-AC2C-E174DF3F25B2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D23A26EF-5B43-437C-A962-4FC69D8A0FF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.2.2.101\",\"matchCriteriaId\":\"E80B3246-5C14-4F5E-B105-DA354CE54E99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"2.3.1.155\",\"matchCriteriaId\":\"3D69E67A-C3CE-4714-9DFF-6D4FAD4FA3BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4\",\"versionEndExcluding\":\"2.4.1.238\",\"matchCriteriaId\":\"205AC1E3-B978-45B9-A6C2-FDCC7EBB73D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9552E6-0B9B-4B32-BE79-90D4E3887A7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5F3E15A-5407-4C25-97AF-7E53173C6892\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\", \"name\": \"20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T23:24:39.241Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-12699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-20T16:51:10.583231Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-20T16:52:26.135Z\"}}], \"cna\": {\"title\": \"Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities\", \"source\": {\"defect\": [[\"CSCvm14277\", \"CSCvm14279\", \"CSCvm25813\", \"CSCvm25894\", \"CSCvo42621\", \"CSCvo42651\", \"CSCvo83496\"]], \"advisory\": \"cisco-sa-20191002-fxos-cmd-inject\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 8.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Firepower Extensible Operating System (FXOS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"n/a\", \"versionType\": \"custom\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"datePublic\": \"2019-10-02T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\", \"name\": \"20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2019-10-02T19:06:49\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.8\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvm14277\", \"CSCvm14279\", \"CSCvm25813\", \"CSCvm25894\", \"CSCvo42621\", \"CSCvo42651\", \"CSCvo83496\"]], \"advisory\": \"cisco-sa-20191002-fxos-cmd-inject\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"affected\": \"\u003c\", \"version_value\": \"n/a\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Cisco Firepower Extensible Operating System (FXOS)\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\", \"name\": \"20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-12699\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2019-10-02T16:00:00-0700\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2019-12699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-20T17:06:54.317Z\", \"dateReserved\": \"2019-06-04T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2019-10-02T19:06:49.219612Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…