CVE-2019-12689
HIGHCisco Secure Firewall Management Center < 6.2.2.2 - Authenticated Remote Code Execution via Web Interface
Title source: llmDescription
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689
Scores
CVSS v3
8.8
EPSS
0.0312
EPSS Percentile
86.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (1)
cisco/secure_firewall_management_center
< 6.2.2.2
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026