CVE-2019-1982 — Incorrect Default Permissions in Cisco Firepower Management Center

CWE-264 CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 47.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Management Center Cisco Secure Firewall Management Center

Timeline

PublishedNov 5

Latest updateMay 24

Description

A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malici…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_management_centerunspecified — n/a

▶NVDcisco/secure_firewall_management_center2.9.13, 2.9.14.0, 3.0.0+2

🔴Vulnerability Details

GHSA

GHSA-fjww-f977-qh4x: A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cis↗2022-05-24

▶

CVEList

Cisco Firepower Threat Defense Software HTTP Filtering Bypass Vulnerability↗2019-11-05

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software HTTP Filtering Bypass Vulnerability↗2019-08-16

▶