CVE-2019-12688
HIGHCisco Firepower Management Center - Authenticated Remote Code Execution via Web UI Input
Title source: llmDescription
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce
Scores
CVSS v3
8.8
EPSS
0.0339
EPSS Percentile
87.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-20
Status
published
Products (1)
cisco/secure_firewall_management_center
6.2.2
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026