Vulnerability Name:

CVE-2019-12627 (CCN-165608)

Assigned:2019-08-21
Published:2019-08-21
Updated:2020-10-08
Summary:A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
5.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
5.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2019-12627

Source: XF
Type: UNKNOWN
cisco-cve201912627-info-disc(165608)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20190821-frpwr-td-info
Cisco Firepower Threat Defense Software Information Disclosure Vulnerability

Source: CISCO
Type: Vendor Advisory
20190821 Cisco Firepower Threat Defense Software Information Disclosure Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* (Version < 6.4.0.4)
  • AND
  • cpe:/h:cisco:amp_7150:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:amp_8150:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7010:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7020:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7030:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7050:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7110:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7115:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7120:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_7125:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8120:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8130:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8140:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8250:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8260:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8270:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8290:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8350:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8360:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8370:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_8390:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_1000:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_2000:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_2500:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firesight_management_center_1500:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firesight_management_center_3500:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firesight_management_center_750:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    cisco firepower threat defense *
    cisco amp 7150 -
    cisco amp 8150 -
    cisco firepower 7010 -
    cisco firepower 7020 -
    cisco firepower 7030 -
    cisco firepower 7050 -
    cisco firepower 7110 -
    cisco firepower 7115 -
    cisco firepower 7120 -
    cisco firepower 7125 -
    cisco firepower 8120 -
    cisco firepower 8130 -
    cisco firepower 8140 -
    cisco firepower 8250 -
    cisco firepower 8260 -
    cisco firepower 8270 -
    cisco firepower 8290 -
    cisco firepower 8350 -
    cisco firepower 8360 -
    cisco firepower 8370 -
    cisco firepower 8390 -
    cisco firepower management center 1000 -
    cisco firepower management center 2000 -
    cisco firepower management center 2500 -
    cisco firepower management center 4000 -
    cisco firesight management center 1500 -
    cisco firesight management center 3500 -
    cisco firesight management center 750 -
    cisco firepower threat defense software *