CVE-2019-1709 — OS Command Injection in Cisco Firepower Threat Defense Software

CWE-78 — OS Command Injection6 documents5 sources

Severity

7.8HIGHNVD

CNA6.0

EPSS

0.1%

top 67.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Software Cisco Firepower Threat Defense Cisco Secure Firewall Management Center

Timeline

PublishedMay 3

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified — 6.2.3.12

▶NVDcisco/firepower_threat_defense7 versions+6

▶NVDcisco/secure_firewall_management_center6.3.0

🔴Vulnerability Details

GHSA

GHSA-q7vf-v5j3-x8f5: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injectio↗2022-05-24

▶

CVEList

Cisco Firepower Threat Defense Software Command Injection Vulnerability↗2019-05-03

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation↗2019-04-16

▶

Exploit-DB

Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free↗2019-01-16

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software Command Injection Vulnerability↗2019-05-01

▶