CVE-2019-12627 : A vulnerability in the application policy configuration of the Cisco Firepower T

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

Published 2019-08-21 19:15:13

Updated 2020-10-08 14:41:10

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2019-12627

Cisco » Firepower Threat Defense
Versions before (<) 6.4.0.4
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Amp 7150 » Version: N/A
When used together with: Cisco » Amp 8150 » Version: N/A
When used together with: Cisco » Firepower 7010 » Version: N/A
When used together with: Cisco » Firepower 7020 » Version: N/A
When used together with: Cisco » Firepower 7030 » Version: N/A
When used together with: Cisco » Firepower 7050 » Version: N/A
When used together with: Cisco » Firepower 7110 » Version: N/A
When used together with: Cisco » Firepower 7115 » Version: N/A
When used together with: Cisco » Firepower 7120 » Version: N/A
When used together with: Cisco » Firepower 7125 » Version: N/A
When used together with: Cisco » Firepower 8120 » Version: N/A
When used together with: Cisco » Firepower 8130 » Version: N/A
When used together with: Cisco » Firepower 8140 » Version: N/A
When used together with: Cisco » Firepower 8250 » Version: N/A
When used together with: Cisco » Firepower 8260 » Version: N/A
When used together with: Cisco » Firepower 8270 » Version: N/A
When used together with: Cisco » Firepower 8290 » Version: N/A
When used together with: Cisco » Firepower 8350 » Version: N/A
When used together with: Cisco » Firepower 8360 » Version: N/A
When used together with: Cisco » Firepower 8370 » Version: N/A
When used together with: Cisco » Firepower 8390 » Version: N/A
When used together with: Cisco » Firepower Management Center 1000 » Version: N/A
When used together with: Cisco » Firepower Management Center 2000 » Version: N/A
When used together with: Cisco » Firepower Management Center 2500 » Version: N/A
When used together with: Cisco » Firepower Management Center 4000 » Version: N/A
When used together with: Cisco » Firesight Management Center 1500 » Version: N/A
When used together with: Cisco » Firesight Management Center 3500 » Version: N/A
When used together with: Cisco » Firesight Management Center 750 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-12627

EPSS FAQ

0.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-12627

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N	3.9	1.4	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: Low Integrity: None Availability: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-12627

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2019-12627

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info

Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-12627

Products affected by CVE-2019-12627

Exploit prediction scoring system (EPSS) score for CVE-2019-12627

CVSS scores for CVE-2019-12627

CWE ids for CVE-2019-12627

References for CVE-2019-12627