CVE-2019-12699 — Improper Input Validation in Cisco Firepower Extensible Operating System

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 61.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Firepower Extensible Operating System Cisco Firepower Threat Defense +1 more

Timeline

PublishedOct 2

Latest updateMay 24

Description

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with roo…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDcisco/firepower_threat_defense6.2.0 — 6.2.3.14+2

▶NVDcisco/firepower_extensible_operating_system2.0 — 2.2.2.101+2

▶CVEListV5cisco/cisco_firepower_extensible_operating_systemunspecified — n/a

▶NVDcisco/firepower_9300_firmware4 versions+3

🔴Vulnerability Details

GHSA

GHSA-mh2j-9c96-v8jf: Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attac↗2022-05-24

▶

CVEList

Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities↗2019-10-02

▶

📋Vendor Advisories

Cisco

Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities↗2019-10-02

▶