Lucene search

[email protected]CVE-2019-1709

HistoryMay 03, 2019 - 4:29 p.m.

CVE-2019-1709

2019-05-0316:29:00

CWE-78

[email protected]

web.nvd.nist.gov

cisco

ftd

software

vulnerability

command injection

cli

nvd

cve-2019-1709

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.

Affected configurations

NVD

Node

ciscofirepower_management_centerMatch6.3.0

ciscofirepower_threat_defenseMatch6.0.0

ciscofirepower_threat_defenseMatch6.0.1

ciscofirepower_threat_defenseMatch6.1.0

ciscofirepower_threat_defenseMatch6.2.0

ciscofirepower_threat_defenseMatch6.2.1

ciscofirepower_threat_defenseMatch6.2.2

ciscofirepower_threat_defenseMatch6.2.3

CPENameOperatorVersion
cisco:firepower_management_centercisco firepower management centereq6.3.0
cisco:firepower_threat_defensecisco firepower threat defenseeq6.0.0
cisco:firepower_threat_defensecisco firepower threat defenseeq6.0.1
cisco:firepower_threat_defensecisco firepower threat defenseeq6.1.0
cisco:firepower_threat_defensecisco firepower threat defenseeq6.2.0
cisco:firepower_threat_defensecisco firepower threat defenseeq6.2.1
cisco:firepower_threat_defensecisco firepower threat defenseeq6.2.2
cisco:firepower_threat_defensecisco firepower threat defenseeq6.2.3

CPE	Name	Operator	Version
cisco:firepower_management_center	cisco firepower management center	eq	6.3.0
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.0.0
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.0.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.1.0
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.2.0
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.2.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.2.2
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.2.3

CNA Affected

[
  {
    "product": "Cisco Firepower Threat Defense Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2.3.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108156

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-cmd-inj

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2019-1709

cisco1 cvelist1 prion1 nvd1