CVE-2019-12675

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:firepower_9300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:firepower_4115_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cisco:firepower_4125_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:cisco:firepower_4145_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:cisco:firepower_4110_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:cisco:firepower_4120_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:cisco:firepower_4140_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:cisco:firepower_4150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-10-02 19:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-12675

Mitre link : CVE-2019-12675

CVE.ORG link : CVE-2019-12675


JSON object : View

Products Affected

cisco

  • firepower_4145
  • firepower_4140_firmware
  • firepower_4125_firmware
  • firepower_4115
  • firepower_4140
  • firepower_9300_firmware
  • firepower_4150_firmware
  • firepower_9300
  • firepower_4125
  • firepower_4145_firmware
  • firepower_4110
  • firepower_4150
  • firepower_4115_firmware
  • firepower_4120
  • firepower_4120_firmware
  • firepower_threat_defense
  • firepower_4110_firmware
CWE
CWE-116

Improper Encoding or Escaping of Output

CWE-216

DEPRECATED: Containment Errors (Container Errors)