CVE-2019-12694

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Published : 2019-10-02 19:15 Updated : 2019-10-10 16:57

7.2
CVSS Score More info
Score 7.2 / 10
7.2
Vendor Product Version URI
Cisco Firepower Threat Defense 5.3.0 cpe:/a:cisco:firepower_threat_defense:5.3.0
Cisco Firepower Threat Defense 5.4.0 cpe:/a:cisco:firepower_threat_defense:5.4.0
Cisco Firepower Threat Defense 6.0 cpe:/a:cisco:firepower_threat_defense:6.0
Cisco Firepower Threat Defense 6.0.0 cpe:/a:cisco:firepower_threat_defense:6.0.0
Cisco Firepower Threat Defense 6.0.0.1 cpe:/a:cisco:firepower_threat_defense:6.0.0.1
Cisco Firepower Threat Defense 6.0.1 cpe:/a:cisco:firepower_threat_defense:6.0.1
Cisco Firepower Threat Defense 6.0.1.1 cpe:/a:cisco:firepower_threat_defense:6.0.1.1
Cisco Firepower Threat Defense 6.0.1.2 cpe:/a:cisco:firepower_threat_defense:6.0.1.2
Cisco Firepower Threat Defense 6.0.1.3 cpe:/a:cisco:firepower_threat_defense:6.0.1.3
Cisco Firepower Threat Defense 6.0.1.4 cpe:/a:cisco:firepower_threat_defense:6.0.1.4
Cisco Firepower Threat Defense 6.1.0 cpe:/a:cisco:firepower_threat_defense:6.1.0
Cisco Firepower Threat Defense 6.1.0.1 cpe:/a:cisco:firepower_threat_defense:6.1.0.1
Cisco Firepower Threat Defense 6.1.0.2 cpe:/a:cisco:firepower_threat_defense:6.1.0.2
Cisco Firepower Threat Defense 6.1.0.3 cpe:/a:cisco:firepower_threat_defense:6.1.0.3
Cisco Firepower Threat Defense 6.1.0.4 cpe:/a:cisco:firepower_threat_defense:6.1.0.4
Cisco Firepower Threat Defense 6.1.0.5 cpe:/a:cisco:firepower_threat_defense:6.1.0.5
Cisco Firepower Threat Defense 6.1.0.6 cpe:/a:cisco:firepower_threat_defense:6.1.0.6
Cisco Firepower Threat Defense 6.1.0.7 cpe:/a:cisco:firepower_threat_defense:6.1.0.7
Cisco Firepower Threat Defense 6.2.0 cpe:/a:cisco:firepower_threat_defense:6.2.0
Cisco Firepower Threat Defense 6.2.0.1 cpe:/a:cisco:firepower_threat_defense:6.2.0.1
Cisco Firepower Threat Defense 6.2.0.2 cpe:/a:cisco:firepower_threat_defense:6.2.0.2
Cisco Firepower Threat Defense 6.2.0.3 cpe:/a:cisco:firepower_threat_defense:6.2.0.3
Cisco Firepower Threat Defense 6.2.0.4 cpe:/a:cisco:firepower_threat_defense:6.2.0.4
Cisco Firepower Threat Defense 6.2.0.5 cpe:/a:cisco:firepower_threat_defense:6.2.0.5
Cisco Firepower Threat Defense 6.2.1 cpe:/a:cisco:firepower_threat_defense:6.2.1
Cisco Firepower Threat Defense 6.2.2 cpe:/a:cisco:firepower_threat_defense:6.2.2
Cisco Firepower Threat Defense 6.2.2.1 cpe:/a:cisco:firepower_threat_defense:6.2.2.1
Cisco Firepower Threat Defense 6.2.2.2 cpe:/a:cisco:firepower_threat_defense:6.2.2.2
Cisco Firepower Threat Defense 6.2.2.3 cpe:/a:cisco:firepower_threat_defense:6.2.2.3
Cisco Firepower Threat Defense 6.2.2.4 cpe:/a:cisco:firepower_threat_defense:6.2.2.4
Cisco Firepower Threat Defense 6.2.2.5 cpe:/a:cisco:firepower_threat_defense:6.2.2.5
Cisco Firepower Threat Defense 6.2.3 cpe:/a:cisco:firepower_threat_defense:6.2.3
Cisco Firepower Threat Defense 6.2.3.1 cpe:/a:cisco:firepower_threat_defense:6.2.3.1
Cisco Firepower Threat Defense 6.2.3.2 cpe:/a:cisco:firepower_threat_defense:6.2.3.2
Cisco Firepower Threat Defense 6.2.3.3 cpe:/a:cisco:firepower_threat_defense:6.2.3.3
Cisco Firepower Threat Defense 6.2.3.4 cpe:/a:cisco:firepower_threat_defense:6.2.3.4
Cisco Firepower Threat Defense 6.2.3.5 cpe:/a:cisco:firepower_threat_defense:6.2.3.5
Cisco Firepower Threat Defense 6.2.3.6 cpe:/a:cisco:firepower_threat_defense:6.2.3.6
Cisco Firepower Threat Defense 6.2.3.7 cpe:/a:cisco:firepower_threat_defense:6.2.3.7
Cisco Firepower Threat Defense 6.2.3.9 cpe:/a:cisco:firepower_threat_defense:6.2.3.9
Cisco Firepower Threat Defense 6.2.3.10 cpe:/a:cisco:firepower_threat_defense:6.2.3.10
Cisco Firepower Threat Defense 6.2.3.11 cpe:/a:cisco:firepower_threat_defense:6.2.3.11
Cisco Firepower Threat Defense 6.2.3.12 cpe:/a:cisco:firepower_threat_defense:6.2.3.12
Cisco Firepower Threat Defense 6.2.3.13 cpe:/a:cisco:firepower_threat_defense:6.2.3.13
Cisco Firepower Threat Defense 6.3.0.1 cpe:/a:cisco:firepower_threat_defense:6.3.0.1
Cisco Firepower Threat Defense 6.3.0.2 cpe:/a:cisco:firepower_threat_defense:6.3.0.2
Cisco Firepower Threat Defense 6.3.0.3 cpe:/a:cisco:firepower_threat_defense:6.3.0.3
  1. Cisco (1) Search CVE
    1. Firepower Threat Defense (47) Search CVE
      1. 5.3.0
      2. 5.4.0
      3. 6.0
      4. 6.0.0
      5. 6.0.0.1
      6. 6.0.1
      7. 6.0.1.1
      8. 6.0.1.2
      9. 6.0.1.3
      10. 6.0.1.4
      11. 6.1.0
      12. 6.1.0.1
      13. 6.1.0.2
      14. 6.1.0.3
      15. 6.1.0.4
      16. 6.1.0.5
      17. 6.1.0.6
      18. 6.1.0.7
      19. 6.2.0
      20. 6.2.0.1
      21. 6.2.0.2
      22. 6.2.0.3
      23. 6.2.0.4
      24. 6.2.0.5
      25. 6.2.1
      26. 6.2.2
      27. 6.2.2.1
      28. 6.2.2.2
      29. 6.2.2.3
      30. 6.2.2.4
      31. 6.2.2.5
      32. 6.2.3
      33. 6.2.3.1
      34. 6.2.3.2
      35. 6.2.3.3
      36. 6.2.3.4
      37. 6.2.3.5
      38. 6.2.3.6
      39. 6.2.3.7
      40. 6.2.3.9
      41. 6.2.3.10
      42. 6.2.3.11
      43. 6.2.3.12
      44. 6.2.3.13
      45. 6.3.0.1
      46. 6.3.0.2
      47. 6.3.0.3

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-10 16:57
2019-10-02 19:17

New CVE