// For flags

CVE-2019-12627

Cisco Firepower Threat Defense Software Information Disclosure Vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

Una vulnerabilidad en la configuración de la política de aplicación del software Cisco Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado obtenga acceso de lectura no autorizado a datos confidenciales. La vulnerabilidad se debe a la identificación insuficiente de la aplicación. Un atacante podría aprovechar esta vulnerabilidad enviando tráfico diseñado a un dispositivo afectado. Una explotación exitosa podría permitir al atacante obtener acceso de lectura no autorizado a datos confidenciales.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2019-06-04 CVE Reserved
  • 2019-08-21 CVE Published
  • 2023-05-08 EPSS Updated
  • 2024-11-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Amp 7150
Search vendor "Cisco" for product "Amp 7150"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Amp 8150
Search vendor "Cisco" for product "Amp 8150"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7010
Search vendor "Cisco" for product "Firepower 7010"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7020
Search vendor "Cisco" for product "Firepower 7020"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7030
Search vendor "Cisco" for product "Firepower 7030"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7050
Search vendor "Cisco" for product "Firepower 7050"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7110
Search vendor "Cisco" for product "Firepower 7110"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7115
Search vendor "Cisco" for product "Firepower 7115"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7120
Search vendor "Cisco" for product "Firepower 7120"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 7125
Search vendor "Cisco" for product "Firepower 7125"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8120
Search vendor "Cisco" for product "Firepower 8120"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8130
Search vendor "Cisco" for product "Firepower 8130"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8140
Search vendor "Cisco" for product "Firepower 8140"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8250
Search vendor "Cisco" for product "Firepower 8250"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8260
Search vendor "Cisco" for product "Firepower 8260"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8270
Search vendor "Cisco" for product "Firepower 8270"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8290
Search vendor "Cisco" for product "Firepower 8290"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8350
Search vendor "Cisco" for product "Firepower 8350"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8360
Search vendor "Cisco" for product "Firepower 8360"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8370
Search vendor "Cisco" for product "Firepower 8370"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 8390
Search vendor "Cisco" for product "Firepower 8390"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower Management Center 1000
Search vendor "Cisco" for product "Firepower Management Center 1000"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower Management Center 2000
Search vendor "Cisco" for product "Firepower Management Center 2000"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower Management Center 2500
Search vendor "Cisco" for product "Firepower Management Center 2500"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower Management Center 4000
Search vendor "Cisco" for product "Firepower Management Center 4000"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firesight Management Center 1500
Search vendor "Cisco" for product "Firesight Management Center 1500"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firesight Management Center 3500
Search vendor "Cisco" for product "Firesight Management Center 3500"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
< 6.4.0.4
Search vendor "Cisco" for product "Firepower Threat Defense" and version " < 6.4.0.4"
-
Affected
in Cisco
Search vendor "Cisco"
Firesight Management Center 750
Search vendor "Cisco" for product "Firesight Management Center 750"
--
Safe