CVE-2019-12697 — Protection Mechanism Failure in Cisco Firesight System Software

CWE-693 — Protection Mechanism Failure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software Cisco Firepower

Timeline

PublishedOct 2

Latest updateMay 24

Description

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_firesight_system_softwareunspecified — n/a

▶NVDcisco/firepower4 versions+3

🔴Vulnerability Details

GHSA

GHSA-rrfx-pqr3-w8hw: Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured↗2022-05-24

▶

CVEList

Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities↗2019-10-02

▶

📋Vendor Advisories

Cisco

Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities↗2019-10-02

▶