CVE-2019-12699

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:firepower_9300_firmware:2.4\(1.214\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_9300_firmware:2.4\(1.216\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_9300_firmware:2.4\(2.54\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_9300_firmware:r241:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300:*:*:*:*:*:*:*:*

History

20 Apr 2023, 15:27

Type Values Removed Values Added
CPE cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*

Information

Published : 2019-10-02 19:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-12699

Mitre link : CVE-2019-12699

CVE.ORG link : CVE-2019-12699


JSON object : View

Products Affected

cisco

  • firepower_4100
  • firepower_1000
  • firepower_extensible_operating_system
  • firepower_2100
  • firepower_9300_firmware
  • firepower_9300
  • firepower_threat_defense
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20

Improper Input Validation