CVE-2019-12696

{"id": "CVE-2019-12696", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-10-02T19:15:13.547", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en el Cisco Firepower System Software Detection Engine, podr\u00edan permitir a un atacante remoto no autenticado omitir las Pol\u00edticas de Malware y Archivos configuradas para los tipos de archivos RTF y RAR. Para m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso."}], "lastModified": "2020-10-08T14:03:08.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower:6.2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "575960BE-137C-4A96-BF64-351A26B8EDDC"}, {"criteria": "cpe:2.3:a:cisco:firepower:6.2.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C77A73AB-6907-47C3-A880-34159774A9C9"}, {"criteria": "cpe:2.3:a:cisco:firepower:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC9D2586-4D9E-462D-97AE-E542FD1BCB93"}, {"criteria": "cpe:2.3:a:cisco:firepower:6.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E79477E-2FCE-44DA-AAD3-4009FD0500BF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5500-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E10D97EB-51C4-4904-ABBA-5FCDC9B6D062"}, {"criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7"}, {"criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F"}, {"criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B"}, {"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72"}, {"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F"}, {"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B"}, {"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140"}, {"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F"}, {"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE"}, {"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46"}, {"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F"}, {"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4"}, {"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24"}, {"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B"}, {"criteria": "cpe:2.3:h:cisco:firepower_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEC69ACD-18D9-4552-AEA5-17DE63F7D7C7"}, {"criteria": "cpe:2.3:h:cisco:firepower_8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F74B2097-F1BC-4F1C-A471-CD54E1FB8833"}, {"criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960"}, {"criteria": "cpe:2.3:h:cisco:firepower_threat_defense_for_isr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CEF1C95-F461-478A-B4F3-CCEAFC257EC0"}, {"criteria": "cpe:2.3:h:cisco:ftd_virtual:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8E41ECE-56CB-4B41-AE96-B19EFA53EAD1"}, {"criteria": "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9510E97A-FD78-43C6-85BC-223001ACA264"}, {"criteria": "cpe:2.3:h:cisco:ngipsv_for_vmware:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1021840C-E28C-45AD-B762-84FDED3AF86A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}