CVE-2019-12697

CVE Database · CVE-2019-12697

CVE-2019-12697

· HIGHModified

CVSS v3.1

7.5

EPSS

1.46%

Published

Oct 2, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-693

Affected Products (26)

cisco · firepowervulnerable

cisco · asa_5500-x

cisco · firepower_1010

cisco · firepower_1120

cisco · firepower_1140

cisco · firepower_2110

cisco · firepower_2120

cisco · firepower_2130

cisco · firepower_2140

· firepower_4110

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs