PT-2019-3393 · Cisco · Cisco Ftd

Publicado

2019-10-02

Atualizado

2019-10-09

CVE-2019-12674

CVSS v3.1

8.2

Alta

Vetor

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description The issue is related to insufficient protections on the underlying filesystem in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software. This could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. An attacker could exploit this by modifying critical files on the underlying filesystem, potentially impacting other running FTD instances.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Encoding or Escaping of Output

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-116CWE-216

Identificadores relacionados

BDU:2019-03534

CVE-2019-12674

Produtos afetados

Cisco Ftd

PT-2019-3393 · Cisco · Cisco Ftd

CVE-2019-12674

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4