7.5
CVE-2019-12627
- EPSS 0.52%
- Published 21.08.2019 19:15:13
- Last modified 21.11.2024 04:23:13
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Firepower Threat Defense Version < 6.4.0.4
Cisco ≫ Amp 7150 Version-
Cisco ≫ Amp 8150 Version-
Cisco ≫ Firepower 7010 Version-
Cisco ≫ Firepower 7020 Version-
Cisco ≫ Firepower 7030 Version-
Cisco ≫ Firepower 7050 Version-
Cisco ≫ Firepower 7110 Version-
Cisco ≫ Firepower 7115 Version-
Cisco ≫ Firepower 7120 Version-
Cisco ≫ Firepower 7125 Version-
Cisco ≫ Firepower 8120 Version-
Cisco ≫ Firepower 8130 Version-
Cisco ≫ Firepower 8140 Version-
Cisco ≫ Firepower 8250 Version-
Cisco ≫ Firepower 8260 Version-
Cisco ≫ Firepower 8270 Version-
Cisco ≫ Firepower 8290 Version-
Cisco ≫ Firepower 8350 Version-
Cisco ≫ Firepower 8360 Version-
Cisco ≫ Firepower 8370 Version-
Cisco ≫ Firepower 8390 Version-
Cisco ≫ Firepower Management Center 1000 Version-
Cisco ≫ Firepower Management Center 2000 Version-
Cisco ≫ Firepower Management Center 2500 Version-
Cisco ≫ Firepower Management Center 4000 Version-
Cisco ≫ Firesight Management Center 1500 Version-
Cisco ≫ Firesight Management Center 3500 Version-
Cisco ≫ Firesight Management Center 750 Version-
Cisco ≫ Amp 8150 Version-
Cisco ≫ Firepower 7010 Version-
Cisco ≫ Firepower 7020 Version-
Cisco ≫ Firepower 7030 Version-
Cisco ≫ Firepower 7050 Version-
Cisco ≫ Firepower 7110 Version-
Cisco ≫ Firepower 7115 Version-
Cisco ≫ Firepower 7120 Version-
Cisco ≫ Firepower 7125 Version-
Cisco ≫ Firepower 8120 Version-
Cisco ≫ Firepower 8130 Version-
Cisco ≫ Firepower 8140 Version-
Cisco ≫ Firepower 8250 Version-
Cisco ≫ Firepower 8260 Version-
Cisco ≫ Firepower 8270 Version-
Cisco ≫ Firepower 8290 Version-
Cisco ≫ Firepower 8350 Version-
Cisco ≫ Firepower 8360 Version-
Cisco ≫ Firepower 8370 Version-
Cisco ≫ Firepower 8390 Version-
Cisco ≫ Firepower Management Center 1000 Version-
Cisco ≫ Firepower Management Center 2000 Version-
Cisco ≫ Firepower Management Center 2500 Version-
Cisco ≫ Firepower Management Center 4000 Version-
Cisco ≫ Firesight Management Center 1500 Version-
Cisco ≫ Firesight Management Center 3500 Version-
Cisco ≫ Firesight Management Center 750 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.643 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@cisco.com | 5.8 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.