CVE-2019-1699

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense Software (affected versions not specified)

Description The issue exists due to insufficient input validation in the command-line interface of the software, allowing an attacker to perform a command injection attack. This could enable the execution of arbitrary code with root privileges. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For all affected versions, consider restricting access to the command-line interface to minimize the risk of exploitation. As a temporary workaround, avoid using arguments that could be used for command injection in specific commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.