FKIE_CVE-2019-12699

Vulnerability from fkie_nvd - Published: 2019-10-02 19:15 - Updated: 2024-11-21 04:23
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-injectVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-injectVendor Advisory
Impacted products
Vendor Product Version
cisco firepower_9300_firmware 2.4\(1.214\)
cisco firepower_9300_firmware 2.4\(1.216\)
cisco firepower_9300_firmware 2.4\(2.54\)
cisco firepower_9300_firmware r241
cisco firepower_9300 -
cisco firepower_threat_defense *
cisco firepower_threat_defense *
cisco firepower_threat_defense *
cisco firepower_1000 -
cisco firepower_2100 -
cisco firepower_extensible_operating_system *
cisco firepower_extensible_operating_system *
cisco firepower_extensible_operating_system *
cisco firepower_4100 -
cisco firepower_9300 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(1.214\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "161C90D0-2257-48B6-A77F-D3BDBE129B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(1.216\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "92DD9BE2-301F-4773-8028-CFE376E775FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(2.54\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA20FE6-2364-43C9-BCD4-720159BD08B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_firmware:r241:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9204F1F-5094-40F5-88C2-A709E599FFE8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC5F3455-0918-4F29-987F-376FF74F8CE0",
              "versionEndIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C50547D-4EEE-40B2-80F3-DC0059DF5B27",
              "versionEndExcluding": "6.2.3.14",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A16803C-579C-4992-B37E-7CEC17307659",
              "versionEndExcluding": "6.3.0.3",
              "versionStartIncluding": "6.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F79864-CA70-4192-AC2C-E174DF3F25B2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23A26EF-5B43-437C-A962-4FC69D8A0FF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80B3246-5C14-4F5E-B105-DA354CE54E99",
              "versionEndExcluding": "2.2.2.101",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D69E67A-C3CE-4714-9DFF-6D4FAD4FA3BB",
              "versionEndExcluding": "2.3.1.155",
              "versionStartIncluding": "2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "205AC1E3-B978-45B9-A6C2-FDCC7EBB73D4",
              "versionEndExcluding": "2.4.1.238",
              "versionStartIncluding": "2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E9552E6-0B9B-4B32-BE79-90D4E3887A7B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5F3E15A-5407-4C25-97AF-7E53173C6892",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en la CLI del Software Cisco FXOS y del Software Cisco Firepower Threat Defense (FTD), podr\u00edan permitir a un atacante local autenticado ejecutar comandos en el sistema operativo (SO) subyacente con privilegios de root. Estas vulnerabilidades son debido a una comprobaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar estas vulnerabilidades mediante la incorporaci\u00f3n de argumentos dise\u00f1ados en comandos espec\u00edficos de la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos sobre el sistema operativo subyacente con privilegios de root."
    }
  ],
  "id": "CVE-2019-12699",
  "lastModified": "2024-11-21T04:23:23.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-02T19:15:13.733",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.