CVE-2019-12699
Summary
| CVE | CVE-2019-12699 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-02 19:15:00 UTC |
| Updated | 2023-04-20 15:27:00 UTC |
| Description | Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Firepower 1000 | - | All | All | All |
| Hardware | Cisco | Firepower 1000 | - | All | All | All |
| Hardware | Cisco | Firepower 2100 | - | All | All | All |
| Hardware | Cisco | Firepower 2100 | - | All | All | All |
| Hardware | Cisco | Firepower 4100 | - | All | All | All |
| Hardware | Cisco | Firepower 4100 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 | All | All | All | All |
| Hardware | Cisco | Firepower 9300 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 | All | All | All | All |
| Hardware | Cisco | Firepower 9300 | - | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4(1.214) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4(1.216) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4(2.54) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4\(1.214\) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4\(1.216\) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4\(2.54\) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | r241 | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4\(1.214\) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4\(1.216\) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | 2.4\(2.54\) | All | All | All |
| Operating System | Cisco | Firepower 9300 Firmware | r241 | All | All | All |
| Operating System | Cisco | Firepower Extensible Operating System | All | All | All | All |
| Application | Cisco | Firepower Threat Defense | All | All | All | All |
| Application | Cisco | Firepower Threat Defense | All | All | All | All |
| Application | Cisco | Firepower Threat Defense | All | All | All | All |
| Operating System | Cisco | Fxos | All | All | All | All |
| Operating System | Cisco | Fxos | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.