CVE-2019-12682: SQL Injection in Cisco Firepower Management Center

CWE-89: SQL Injection (4 documents, 4 sources)
Severity: 8.8 HIGH (NVD)
EPSS: 0.9% (top 24.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 2; Latest update May 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-5p9v-45c4-qx9w: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remot (2022-05-24)
CVEList: Cisco Firepower Management Center SQL Injection Vulnerabilities (2019-10-02)

📋 Vendor Advisories (1)

Cisco: Cisco Firepower Management Center SQL Injection Vulnerabilities (2019-10-02)