CVE-2019-12627

CVE Database · CVE-2019-12627

CVE-2019-12627

· HIGHModified

CVSS v3.1

7.5

EPSS

1.15%

Published

Aug 21, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-284

Affected Products (29)

cisco · firepower_threat_defense (up to 6.4.0.4)vulnerable

cisco · amp_7150

cisco · amp_8150

cisco · firepower_7010

cisco · firepower_7020

cisco · firepower_7030

cisco · firepower_7050

cisco · firepower_7110

cisco · firepower_7115

cisco · firepower_7120

cisco · firepower_7125

cisco · firepower_8120

cisco · firepower_8130

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs