← Back

CVE-2019-12675

nvd nist
Published: Oct 2, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 / Impact: 6.0
Source: NVD

Description

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.

Affected (9)

Cisco
9 products
Firepower Threat Defense
Firepower 9300 Firmware
Firepower 4115 Firmware
Firepower 4125 Firmware
Firepower 4145 Firmware
Firepower 4110 Firmware
Firepower 4120 Firmware
Firepower 4140 Firmware
Firepower 4150 Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Firepower Threat Defense
Before 6.4.0.2
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 9300 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 9300
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 4115 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 4115
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 4125 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 4125
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 4145 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 4145
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 4110 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 4110
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 4120 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 4120
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 4140 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 4140
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firepower 4150 Firmware
All versions
Running on/withPlatform Versions
Cisco
Firepower 4150
All versions

Related CWEs

CWE-116
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-216
DEPRECATED: Containment Errors (Container Errors)
This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.