CVE-2019-12699

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Published : 2019-10-02 19:15 Updated : 2019-10-10 16:51

7.2
CVSS Score More info
Score 7.2 / 10
7.2
Vendor Product Version URI
Cisco Firepower Threat Defense 6.1.0 cpe:/a:cisco:firepower_threat_defense:6.1.0
Cisco Firepower Threat Defense 6.2.0 cpe:/a:cisco:firepower_threat_defense:6.2.0
Cisco Firepower Threat Defense 6.2.0.1 cpe:/a:cisco:firepower_threat_defense:6.2.0.1
Cisco Firepower Threat Defense 6.2.0.2 cpe:/a:cisco:firepower_threat_defense:6.2.0.2
Cisco Firepower Threat Defense 6.2.0.3 cpe:/a:cisco:firepower_threat_defense:6.2.0.3
Cisco Firepower Threat Defense 6.2.0.4 cpe:/a:cisco:firepower_threat_defense:6.2.0.4
Cisco Firepower Threat Defense 6.2.0.5 cpe:/a:cisco:firepower_threat_defense:6.2.0.5
Cisco Firepower Threat Defense 6.2.1 cpe:/a:cisco:firepower_threat_defense:6.2.1
Cisco Firepower Threat Defense 6.2.2 cpe:/a:cisco:firepower_threat_defense:6.2.2
Cisco Firepower Threat Defense 6.2.2.1 cpe:/a:cisco:firepower_threat_defense:6.2.2.1
Cisco Firepower Threat Defense 6.2.2.2 cpe:/a:cisco:firepower_threat_defense:6.2.2.2
Cisco Firepower Threat Defense 6.2.2.3 cpe:/a:cisco:firepower_threat_defense:6.2.2.3
Cisco Firepower Threat Defense 6.2.2.4 cpe:/a:cisco:firepower_threat_defense:6.2.2.4
Cisco Firepower Threat Defense 6.2.2.5 cpe:/a:cisco:firepower_threat_defense:6.2.2.5
Cisco Firepower Threat Defense 6.2.3 cpe:/a:cisco:firepower_threat_defense:6.2.3
Cisco Firepower Threat Defense 6.2.3.1 cpe:/a:cisco:firepower_threat_defense:6.2.3.1
Cisco Firepower Threat Defense 6.2.3.2 cpe:/a:cisco:firepower_threat_defense:6.2.3.2
Cisco Firepower Threat Defense 6.2.3.3 cpe:/a:cisco:firepower_threat_defense:6.2.3.3
Cisco Firepower Threat Defense 6.2.3.4 cpe:/a:cisco:firepower_threat_defense:6.2.3.4
Cisco Firepower Threat Defense 6.2.3.5 cpe:/a:cisco:firepower_threat_defense:6.2.3.5
Cisco Firepower Threat Defense 6.2.3.6 cpe:/a:cisco:firepower_threat_defense:6.2.3.6
Cisco Firepower Threat Defense 6.2.3.7 cpe:/a:cisco:firepower_threat_defense:6.2.3.7
Cisco Firepower Threat Defense 6.2.3.9 cpe:/a:cisco:firepower_threat_defense:6.2.3.9
Cisco Firepower Threat Defense 6.2.3.10 cpe:/a:cisco:firepower_threat_defense:6.2.3.10
Cisco Firepower Threat Defense 6.2.3.11 cpe:/a:cisco:firepower_threat_defense:6.2.3.11
Cisco Firepower Threat Defense 6.2.3.12 cpe:/a:cisco:firepower_threat_defense:6.2.3.12
Cisco Firepower Threat Defense 6.2.3.13 cpe:/a:cisco:firepower_threat_defense:6.2.3.13
Cisco Firepower Threat Defense 6.3.0.1 cpe:/a:cisco:firepower_threat_defense:6.3.0.1
Cisco Firepower Threat Defense 6.3.0.2 cpe:/a:cisco:firepower_threat_defense:6.3.0.2
Cisco Firepower 9300 Firmware 2.4%281.214%29 cpe:/o:cisco:firepower_9300_firmware:2.4%281.214%29
Cisco Firepower 9300 Firmware 2.4%281.216%29 cpe:/o:cisco:firepower_9300_firmware:2.4%281.216%29
Cisco Firepower 9300 Firmware 2.4%282.54%29 cpe:/o:cisco:firepower_9300_firmware:2.4%282.54%29
Cisco Firepower 9300 Firmware r241 cpe:/o:cisco:firepower_9300_firmware:r241
  1. Cisco (2) Search CVE
    1. Firepower 9300 Firmware (4) Search CVE
      1. 2.4%281.214%29
      2. 2.4%281.216%29
      3. 2.4%282.54%29
      4. R241
    2. Firepower Threat Defense (29) Search CVE
      1. 6.1.0
      2. 6.2.0
      3. 6.2.0.1
      4. 6.2.0.2
      5. 6.2.0.3
      6. 6.2.0.4
      7. 6.2.0.5
      8. 6.2.1
      9. 6.2.2
      10. 6.2.2.1
      11. 6.2.2.2
      12. 6.2.2.3
      13. 6.2.2.4
      14. 6.2.2.5
      15. 6.2.3
      16. 6.2.3.1
      17. 6.2.3.2
      18. 6.2.3.3
      19. 6.2.3.4
      20. 6.2.3.5
      21. 6.2.3.6
      22. 6.2.3.7
      23. 6.2.3.9
      24. 6.2.3.10
      25. 6.2.3.11
      26. 6.2.3.12
      27. 6.2.3.13
      28. 6.3.0.1
      29. 6.3.0.2

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-10 16:51
2019-10-02 19:17

New CVE