CVE-2019-12674
Summary
| CVE | CVE-2019-12674 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-02 19:15:00 UTC |
| Updated | 2019-10-09 23:46:00 UTC |
| Description | Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances. |
Risk And Classification
Problem Types: CWE-116
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Firepower 4110 | - | All | All | All |
| Hardware | Cisco | Firepower 4110 | - | All | All | All |
| Operating System | Cisco | Firepower 4110 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 4110 Firmware | - | All | All | All |
| Hardware | Cisco | Firepower 4115 | - | All | All | All |
| Hardware | Cisco | Firepower 4115 | - | All | All | All |
| Operating System | Cisco | Firepower 4115 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 4115 Firmware | - | All | All | All |
| Hardware | Cisco | Firepower 4120 | - | All | All | All |
| Hardware | Cisco | Firepower 4120 | - | All | All | All |
| Operating System | Cisco | Firepower 4120 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 4120 Firmware | - | All | All | All |
| Hardware | Cisco | Firepower 4125 | - | All | All | All |
| Hardware | Cisco | Firepower 4125 | - | All | All | All |
| Operating System | Cisco | Firepower 4125 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 4125 Firmware | - | All | All | All |
| Hardware | Cisco | Firepower 4140 | - | All | All | All |
| Hardware | Cisco | Firepower 4140 | - | All | All | All |
| Operating System | Cisco | Firepower 4140 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 4140 Firmware | - | All | All | All |
| Hardware | Cisco | Firepower 4145 | - | All | All | All |
| Hardware | Cisco | Firepower 4145 | - | All | All | All |
| Operating System | Cisco | Firepower 4145 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 4145 Firmware | - | All | All | All |
| Hardware | Cisco | Firepower 4150 | - | All | All | All |
| Hardware | Cisco | Firepower 4150 | - | All | All | All |
| Operating System | Cisco | Firepower 4150 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 4150 Firmware | - | All | All | All |
| Hardware | Cisco | Firepower 9300 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 | - | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | - | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | - | All | All | All |
| Application | Cisco | Firepower Threat Defense | All | All | All | All |
| Application | Cisco | Firepower Threat Defense | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.