CVE-2019-1699
published 2019-05-03CVE-2019-1699: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_firepower_threat_defense_software | >= unspecified < 6.2.3.12 | 6.2.3.12 |
| cisco | cisco_firepower_threat_defense_software | >= unspecified < 6.3.0.3 | 6.3.0.3 |
| cisco | firepower_threat_defense | — | — |
| cisco | secure_firewall_management_center | < 6.2.3.12 | 6.2.3.12 |