CVE-2019-12627

HIGH

Cisco Firepower Threat Defense < 6.4.0.4 - Sensitive Data Exposure via Policy Misidentification

Title source: llm
STIX 2.1

Description

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0115
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (1)
cisco/firepower_threat_defense < 6.4.0.4
Published Aug 21, 2019
Tracked Since Feb 18, 2026