PT-2019-3618 · Cisco · Cisco Ftd

Published: 2019-10-02 · Updated: 2019-10-10 · CVE-2019-12694

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Firepower Threat Defense Software (affected versions not specified)

Description

The issue stems from insufficient input validation in the command line interface (CLI) of the software. An authenticated, local attacker with administrative privileges could exploit it by executing a specific CLI command that includes crafted arguments, which could allow them to execute commands on the underlying operating system with root privileges.

Recommendations

For all affected versions, consider restricting access to the CLI to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider limiting the use of administrative privileges for the CLI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2019-03833
CVE-2019-12694

Affected Products

Cisco Ftd