#VU21628 Input validation error in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2019-12701
Published: October 8, 2019
Vulnerability identifier: #VU21628
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-12701
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass the file and malware inspection policies on an affected system.
The vulnerability exists in the file and malware inspection feature due to insufficient validation of incoming traffic. A remote attacker can send a specially crafted HTTP request, bypass the file and malware inspection policies and send malicious traffic through the affected device.
Remediation
Install updates from vendor's website. The vulnerability is fixed in the Cisco VDB Fingerprint Database release 327.