Main Vulnerability Database Vulnerabilities #VU21628

#VU21628 Input validation error in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2019-12701

Published: October 8, 2019

Vulnerability identifier: #VU21628

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-12701

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass the file and malware inspection policies on an affected system.

The vulnerability exists in the file and malware inspection feature due to insufficient validation of incoming traffic. A remote attacker can send a specially crafted HTTP request, bypass the file and malware inspection policies and send malicious traffic through the affected device.

Remediation

Install updates from vendor's website. The vulnerability is fixed in the Cisco VDB Fingerprint Database release 327.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fire-bypass

#VU21628 Input validation error in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2019-12701

Description

Remediation

External links

Please verify you're human