Search...

CVE-2019-12699

2019-10-02T19:15:00

ID CVE-2019-12699
Type cve
Reporter cve@mitre.org
Modified 2020-10-08T14:02:00

Description

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

JSON Vulners Source

Initial Source

{"id": "CVE-2019-12699", "bulletinFamily": "NVD", "title": "CVE-2019-12699", "description": "Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.", "published": "2019-10-02T19:15:00", "modified": "2020-10-08T14:02:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12699", "reporter": "cve@mitre.org", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"], "cvelist": ["CVE-2019-12699"], "type": "cve", "lastseen": "2021-02-02T07:12:49", "edition": 14, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20191002-FXOS-CMD-INJECT"]}, {"type": "nessus", "idList": ["CISCO-SA-20191002-FXOS-CMD-INJECT-FTD.NASL", "CISCO-SA-20191002-FXOS-CMD-INJECT.NASL"]}], "modified": "2021-02-02T07:12:49", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-02-02T07:12:49", "rev": 2}, "vulnersScore": 5.5}, "cpe": ["cpe:/o:cisco:firepower_9300_firmware:2.4\\(1.216\\)", "cpe:/o:cisco:firepower_9300_firmware:2.4\\(1.214\\)", "cpe:/a:cisco:firepower_threat_defense:6.1.0", "cpe:/o:cisco:firepower_9300_firmware:2.4\\(2.54\\)", "cpe:/o:cisco:firepower_9300_firmware:r241"], "affectedSoftware": [{"cpeName": "cisco:fxos", "name": "cisco fxos", "operator": "lt", "version": "2.2.2.101"}, {"cpeName": "cisco:firepower_threat_defense", "name": "cisco firepower threat defense", "operator": "lt", "version": "6.3.0.3"}, {"cpeName": "cisco:firepower_9300_firmware", "name": "cisco firepower 9300 firmware", "operator": "eq", "version": "r241"}, {"cpeName": "cisco:firepower_threat_defense", "name": "cisco firepower threat defense", "operator": "lt", "version": "6.2.3.14"}, {"cpeName": "cisco:firepower_9300_firmware", "name": "cisco firepower 9300 firmware", "operator": "eq", "version": "2.4\\(2.54\\)"}, {"cpeName": "cisco:fxos", "name": "cisco fxos", "operator": "lt", "version": "2.4.1.238"}, {"cpeName": "cisco:firepower_threat_defense", "name": "cisco firepower threat defense", "operator": "le", "version": "6.1.0"}, {"cpeName": "cisco:firepower_9300_firmware", "name": "cisco firepower 9300 firmware", "operator": "eq", "version": "2.4\\(1.216\\)"}, {"cpeName": "cisco:fxos", "name": "cisco fxos", "operator": "lt", "version": "2.3.1.155"}, {"cpeName": "cisco:firepower_9300_firmware", "name": "cisco firepower 9300 firmware", "operator": "eq", "version": "2.4\\(1.214\\)"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(2.54\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(1.216\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:firepower_9300_firmware:r241:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(1.214\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:firepower_threat_defense:6.1.0:*:*:*:*:*:*:*"], "cwe": ["CWE-78"], "scheme": null, "affectedConfiguration": [{"cpeName": "cisco:firepower_9300", "name": "cisco firepower 9300", "operator": "eq", "version": "-"}, {"cpeName": "cisco:firepower_9300", "name": "cisco firepower 9300", "operator": "eq", "version": "*"}, {"cpeName": "cisco:firepower_2100", "name": "cisco firepower 2100", "operator": "eq", "version": "-"}, {"cpeName": "cisco:firepower_4100", "name": "cisco firepower 4100", "operator": "eq", "version": "-"}, {"cpeName": "cisco:firepower_1000", "name": "cisco firepower 1000", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(2.54\\):*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(1.216\\):*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:firepower_9300_firmware:r241:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:firepower_9300_firmware:2.4\\(1.214\\):*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0.3:*:*:*:*:*:*:*", "versionEndExcluding": "6.3.0.3", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3.14:*:*:*:*:*:*:*", "versionEndExcluding": "6.2.3.14", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.1.0:*:*:*:*:*:*:*", "versionEndIncluding": "6.1.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:firepower_1000:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:fxos:2.4.1.238:*:*:*:*:*:*:*", "versionEndExcluding": "2.4.1.238", "versionStartIncluding": "2.4", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:fxos:2.2.2.101:*:*:*:*:*:*:*", "versionEndExcluding": "2.2.2.101", "versionStartIncluding": "2.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:fxos:2.3.1.155:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.1.155", "versionStartIncluding": "2.3", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}, "extraReferences": [{"name": "20191002 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities", "refsource": "CISCO", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"}], "immutableFields": []}

{"cisco": [{"lastseen": "2020-12-24T11:40:40", "bulletinFamily": "software", "cvelist": ["CVE-2019-12699"], "description": "Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges.\n\nThese vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\"]", "modified": "2019-10-02T15:48:49", "published": "2019-10-02T16:00:00", "id": "CISCO-SA-20191002-FXOS-CMD-INJECT", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject", "type": "cisco", "title": "Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities", "cvss": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "nessus": [{"lastseen": "2020-04-14T06:58:08", "description": "According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by multiple\nvulnerabilities in the CLI due to insufficient input validation. An unauthenticated, local attacker can exploit this, by\nincluding crafted arguments to specific commands, in order to execute arbitrary commands on the underlying OS with root\nprivileges.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "title": "Cisco FTD Software Command Injection (cisco-sa-20191002-fxos-cmd-inject)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12699"], "modified": "2020-04-10T00:00:00", "cpe": ["cpe:/a:cisco:firepower", "cpe:/a:cisco:firepower_threat_defense"], "id": "CISCO-SA-20191002-FXOS-CMD-INJECT-FTD.NASL", "href": "https://www.tenable.com/plugins/nessus/135294", "sourceData": "#TRUSTED 1a850cca8386382d09633054ba33279e30e183bb30b18efa4ecf52a5373ad5410b82bb0ff7f41b661527fd63dd5a3474cad5eb9be252d9a333c9cb0192e0361e3c3a384f118682db847507d79a04fc000435c99dfef0d4615505781b27735b2a20f0a0adc1609ec8ebd8220ae2c9f19fa22446a8aa2524f165f8722905b621025b440a08a1b76b180933796d9294eb6fc8457a74286e48d2b2a68a2eff8fa0b2523722781209f8a2d9413f5acaa314f383e15e721dff29cbf26a4dea40685361a0bbaec9d1ff5f56fca9cdbaeffbac517a19b9c1a67fe712b5c5e9c864b5ced5baf736626083a93fdf1af9fe3987d567ddf32bae4c936b8e10ce8443b7a044a01ff93ad6a5d8353f7e09c8c5b7d27c6e9b16312e53b8c128cfa98873f04ff2e59408c35153367de299793886b4513dd9fb65456af71891216b963cc4f9b4df7f35e09831f2583f04341a1e603b174d7f9c31d73a1b8c88b3068826fe7882cd7da221e05a6e97991ad0c6c7312f573f76d0aa92a9dec2dc70147162a88bc25cfd681ec28762a222d2b0ab07e4ff0b09e62f518ddab450e541c562347f134b1299c723aa70eccb484c1fd0471fd94a6b5c149f4a93d22d2614b00aa5293febdd830f1cff6edbe82da8f641b99abe6654ec7249765c0143c7f88fc32add73a586721d52c1cc35d613cbb484ecfee41b89c0b2a36c5c11f162f99e4fb95e2d8849ed\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135294);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/13\");\n\n script_cve_id(\"CVE-2019-12699\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm14277\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm14279\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm25813\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm25894\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvo42621\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvo42651\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvo83496\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20191002-fxos-cmd-inject\");\n script_xref(name:\"IAVA\", value:\"2019-A-0370\");\n\n script_name(english:\"Cisco FTD Software Command Injection (cisco-sa-20191002-fxos-cmd-inject)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by multiple\nvulnerabilities in the CLI due to insufficient input validation. An unauthenticated, local attacker can exploit this, by\nincluding crafted arguments to specific commands, in order to execute arbitrary commands on the underlying OS with root\nprivileges.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ad074ec\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm25813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm25894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo42621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo42651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo83496\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version in the referenced Cisco bug IDs.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12699\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:firepower\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:firepower_threat_defense\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\", \"cisco_enumerate_firepower.nbin\", \"cisco_asa_firepower_version.nasl\");\n script_require_keys(\"installed_sw/Cisco Firepower Threat Defense\");\n\n exit(0);\n}\n\ninclude('cisco_workarounds.inc');\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');\n\nif(product_info['model'] !~ \"^(10|21)[0-9]{2}\")\n audit(AUDIT_HOST_NOT, 'an affected model');\n\nvuln_ranges = [\n {'min_ver' : '0', 'fix_ver': '6.2.3.14'},\n {'min_ver' : '6.3.0', 'fix_ver': '6.3.0.3'}\n];\n\nworkarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);\nworkaround_params = make_list();\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvm14277, CSCvm14279, CSCvm25813, CSCvm25894, CSCvo42621, CSCvo42651, CSCvo83496'\n);\n\ncisco::check_and_report(\n product_info:product_info,\n workarounds:workarounds,\n workaround_params:workaround_params,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-14T06:58:08", "description": "According to its self-reported version, Cisco FXOS Software is affected by multiple vulnerabilities in the CLI due to\ninsufficient input validation. An unauthenticated, local attacker can exploit this, by including crafted arguments to\nspecific commands, in order to execute arbitrary commands on the underlying OS with root privileges.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "title": "Cisco FXOS Software Command Injection (cisco-sa-20191002-fxos-cmd-inject)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12699"], "modified": "2020-04-10T00:00:00", "cpe": ["cpe:/o:cisco:fxos"], "id": "CISCO-SA-20191002-FXOS-CMD-INJECT.NASL", "href": "https://www.tenable.com/plugins/nessus/135295", "sourceData": "#TRUSTED 77379511ecc3df284678530ccb1627276298eec0403c09328516477388605e0be863768c5c169d90b51fc74cb1430124e22795da11c093870d25f35a55702bd3afaca17352e031bc33a1e819a30c1ed7413caa7edf839c21aa84897e67b1d175b91b75dba0507ac9c7cb92e50ff94b08f9790e7b3fa616cdf586f868b7c177a0a5408cf231dc503e0872c6c107974410aab9350aa1818f05bc9adfd9e0473de96af3a0d2ce23c3911fe4d1233f35c8aed614ed8722784b9d1e7f5fab86cb6a6de94c5802f41ab23f1a27e658065b24a69900e794a5627ad1f6aed521d1b82d1da02a15bcf4a86ed1a01f2e358dc86bcd74b4e8a443bcdf08bdd0a353683eb82e5faed567861dcb65e8634c83251973df533602e8a66dd76f23e1b5eb22f512d63b4c9b37be8cacdfcded4e7c3fe32a09978c0a647f2124a5f1eb4a7b6dcb9525d2ae6940fa7f2b7bd32f10611eec09814e70f56060df79191e9511b051ec7bddfd8594bc1a4c952ee88291b4964e1549b814b67542216015f73b61e2f5dcc3448a0a0850cf0b0e302ca9081ca76e9143b7512d50ba64463adcd20b293b941e74aa72c5836a6c577d3d3eb56d8667367d18222a98b6dfe138573a8718e638a0fb34fba11bb585e664941760bc2a0a71837e6b44ef51a9a448b9e80a8dcc0bec90341e9fdaa3bcd8be9c36c354eac674ac6c88cf215d507c544e1c4477adfb73d0\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135295);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/13\");\n\n script_cve_id(\"CVE-2019-12699\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm14277\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm14279\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm25813\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvm25894\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvo42621\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvo42651\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvo83496\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20191002-fxos-cmd-inject\");\n script_xref(name:\"IAVA\", value:\"2019-A-0370\");\n\n script_name(english:\"Cisco FXOS Software Command Injection (cisco-sa-20191002-fxos-cmd-inject)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco FXOS Software is affected by multiple vulnerabilities in the CLI due to\ninsufficient input validation. An unauthenticated, local attacker can exploit this, by including crafted arguments to\nspecific commands, in order to execute arbitrary commands on the underlying OS with root privileges.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ad074ec\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm14279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm25813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm25894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo42621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo42651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo83496\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version in the referenced Cisco bug IDs.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12699\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:fxos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_enumerate_firepower.nbin\", \"cisco_asa_firepower_version.nasl\");\n script_require_keys(\"installed_sw/FXOS\");\n\n exit(0);\n}\n\ninclude('cisco_workarounds.inc');\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'FXOS');\n\nif(product_info['model'] !~ \"^(41|93)[0-9]{2}\")\n audit(AUDIT_HOST_NOT, 'an affected model');\n\nvuln_ranges = [\n {'min_ver' : '2.0', 'fix_ver': '2.2.2.101'},\n {'min_ver' : '2.3', 'fix_ver': '2.3.1.155'},\n {'min_ver' : '2.4', 'fix_ver': '2.4.1.238'}\n];\n\nworkarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);\nworkaround_params = make_list();\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvm14277, CSCvm14279, CSCvm25813, CSCvm25894, CSCvo42621, CSCvo42651, CSCvo83496'\n);\n\ncisco::check_and_report(\n product_info:product_info,\n workarounds:workarounds,\n workaround_params:workaround_params,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}