PT-2019-3393 · Cisco · Cisco Ftd

Published

2019-10-02

Updated

2019-10-09

CVE-2019-12674

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description The issue is related to insufficient protections on the underlying filesystem in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software. This could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. An attacker could exploit this by modifying critical files on the underlying filesystem, potentially impacting other running FTD instances.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-216

Related Identifiers

BDU:2019-03534

CVE-2019-12674

Affected Products

Cisco Ftd

PT-2019-3393 · Cisco · Cisco Ftd

CVE-2019-12674

Weakness Enumeration

Related Identifiers

Affected Products

References · 4