CVE-2019-12675 : Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.

Published 2019-10-02 19:15:12

Updated 2019-10-09 23:46:03

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2019-12675

Cisco » Firepower Threat Defense
Versions before (<) 6.4.0.2
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Matching versions
Cisco » Firepower 9300 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_9300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 9300 » Version: N/A
Cisco » Firepower 4115 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_4115_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 4115 » Version: N/A
Cisco » Firepower 4125 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_4125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 4125 » Version: N/A
Cisco » Firepower 4145 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_4145_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 4145 » Version: N/A
Cisco » Firepower 4110 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_4110_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 4110 » Version: N/A
Cisco » Firepower 4120 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_4120_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 4120 » Version: N/A
Cisco » Firepower 4140 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_4140_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 4140 » Version: N/A
Cisco » Firepower 4150 Firmware » Version: N/A
cpe:2.3:o:cisco:firepower_4150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 4150 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-12675

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-12675

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.2	HIGH	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	1.5	6.0	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	2.0	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-12675

CWE-116 Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Assigned by: nvd@nist.gov (Primary)
CWE-216

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2019-12675

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc

Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-12675

Products affected by CVE-2019-12675

Exploit prediction scoring system (EPSS) score for CVE-2019-12675

CVSS scores for CVE-2019-12675

CWE ids for CVE-2019-12675

References for CVE-2019-12675