CVE-2019-12699
Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
02 out 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Cisco · Cisco Firepower Extensible Operating System (FXOS)