CVE-2019-12627

Published: Aug 21, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

Affected (1)

Products: Cisco: Firepower Threat Defense

Cisco

1 product

Firepower Threat Defense

Configuration A

1 vulnerable · 28 platform

Vulnerable Software	Affected Versions
Cisco Firepower Threat Defense	Before 6.4.0.4

Running on/with	Platform Versions
Cisco Amp 7150	All versions
Cisco Amp 8150	All versions
Cisco Firepower 7010	All versions
Cisco Firepower 7020	All versions
Cisco Firepower 7030	All versions
Cisco Firepower 7050	All versions
Cisco Firepower 7110	All versions
Cisco Firepower 7115	All versions
Cisco Firepower 7120	All versions
Cisco Firepower 7125	All versions
Cisco Firepower 8120	All versions
Cisco Firepower 8130	All versions
Cisco Firepower 8140	All versions
Cisco Firepower 8250	All versions
Cisco Firepower 8260	All versions
Cisco Firepower 8270	All versions
Cisco Firepower 8290	All versions
Cisco Firepower 8350	All versions
Cisco Firepower 8360	All versions
Cisco Firepower 8370	All versions
Cisco Firepower 8390	All versions
Cisco Firepower Management Center 1000	All versions
Cisco Firepower Management Center 2000	All versions
Cisco Firepower Management Center 2500	All versions
Cisco Firepower Management Center 4000	All versions
Cisco Firesight Management Center 1500	All versions
Cisco Firesight Management Center 3500	All versions
Cisco Firesight Management Center 750	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.