CVE-2019-12690
HIGHCisco Secure Firewall Management Center < 6.3.0.5 - Authenticated OS Command Injection
Title source: llmDescription
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj
Scores
CVSS v3
7.2
EPSS
0.0351
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
cisco/secure_firewall_management_center
< 6.3.0.5
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026