CVE-2019-1699

Summary

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Firepower Threat Defense (FTD) Softwareunspecified < 6.2.3.12affected
CiscoCisco Firepower Threat Defense (FTD) Softwareunspecified < 6.3.0.3affected

Weaknesses

  • CWE-78: CWE-78

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References