CVE-2019-1734 – Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1734
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-12700 – Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12700
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-12699 – Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12699
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Múltiples vulnerabilidades en la CLI del Software Cisco FXOS y del Software Cisco Firepower Threat Defense (FTD), podrían permitir a un atacante local autenticado ejecutar comandos en el sistema operativo (SO) subyacente con privilegios de root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-12697 – Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12697
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower System Software Detection Engine, podrían permitir a un atacante remoto no autenticado omitir las Políticas de Malware y Archivos configuradas para los tipos de archivos RTF y RAR. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass • CWE-693: Protection Mechanism Failure •
CVE-2019-12696 – Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-12696
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Cisco Firepower System Software Detection Engine, podrían permitir a un atacante remoto no autenticado omitir las Políticas de Malware y Archivos configuradas para los tipos de archivos RTF y RAR. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass • CWE-693: Protection Mechanism Failure •