Vulnerabilities > CVE-2019-12627 - Improper Access Control vulnerability in Cisco Firepower Threat Defense

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

CWE-284

nessus

NVD

Published: 2019-08-21

Updated: 2019-10-09

Summary

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Firepower Threat Defense - Cisco Firepower Threat Defense 5.3.0 Cisco Firepower Threat Defense 5.4.0 Cisco Firepower Threat Defense 6.0 Cisco Firepower Threat Defense 6.0.0 Cisco Firepower Threat Defense 6.0.0.1 Cisco Firepower Threat Defense 6.0.1 Cisco Firepower Threat Defense 6.0.1.1 Cisco Firepower Threat Defense 6.0.1.2 Cisco Firepower Threat Defense 6.0.1.3 Cisco Firepower Threat Defense 6.0.1.4 Cisco Firepower Threat Defense 6.1.0 Cisco Firepower Threat Defense 6.1.0.1 Cisco Firepower Threat Defense 6.1.0.2 Cisco Firepower Threat Defense 6.1.0.3 Cisco Firepower Threat Defense 6.1.0.4 Cisco Firepower Threat Defense 6.1.0.5 Cisco Firepower Threat Defense 6.1.0.6 Cisco Firepower Threat Defense 6.1.0.7 Cisco Firepower Threat Defense 6.2.0 Cisco Firepower Threat Defense 6.2.0.1 Cisco Firepower Threat Defense 6.2.0.2 Cisco Firepower Threat Defense 6.2.0.3 Cisco Firepower Threat Defense 6.2.0.4 Cisco Firepower Threat Defense 6.2.0.5 Cisco Firepower Threat Defense 6.2.1 Cisco Firepower Threat Defense 6.2.2 Cisco Firepower Threat Defense 6.2.2.1 Cisco Firepower Threat Defense 6.2.2.2 Cisco Firepower Threat Defense 6.2.2.3 Cisco Firepower Threat Defense 6.2.2.4 Cisco Firepower Threat Defense 6.2.2.5 Cisco Firepower Threat Defense 6.2.3 Cisco Firepower Threat Defense 6.2.3.1 Cisco Firepower Threat Defense 6.2.3.2 Cisco Firepower Threat Defense 6.2.3.3 Cisco Firepower Threat Defense 6.2.3.4 Cisco Firepower Threat Defense 6.2.3.5 Cisco Firepower Threat Defense 6.2.3.6 Cisco Firepower Threat Defense 6.2.3.7 Cisco Firepower Threat Defense 6.2.3.9 Cisco Firepower Threat Defense 6.2.3.10 Cisco Firepower Threat Defense 6.2.3.11 Cisco Firepower Threat Defense 6.2.3.12 Cisco Firepower Threat Defense 6.2.3.13 Cisco Firepower Threat Defense 6.2.3.14 Cisco Firepower Threat Defense 6.2.3.15 Cisco Firepower Threat Defense 6.2.3.16 Cisco Firepower Threat Defense 6.3.0 Cisco Firepower Threat Defense 6.3.0.1 Cisco Firepower Threat Defense 6.3.0.2 Cisco Firepower Threat Defense 6.3.0.3 Cisco Firepower Threat Defense 6.3.0.4 Cisco Firepower Threat Defense 6.3.0.5 Cisco Firepower Threat Defense 6.3.0.6 Cisco Firepower Threat Defense 6.4.0 Cisco Firepower Threat Defense 6.4.0.1 Cisco Firepower Threat Defense 6.4.0.2 Cisco Firepower Threat Defense 6.4.0.3	59
Hardware	Cisco Cisco AMP 7150 - Cisco AMP 8150 - Cisco Firepower 7010 - Cisco Firepower 7020 - Cisco Firepower 7030 - Cisco Firepower 7050 - Cisco Firepower 7110 - Cisco Firepower 7115 - Cisco Firepower 7120 - Cisco Firepower 7125 - Cisco Firepower 8120 - Cisco Firepower 8130 - Cisco Firepower 8140 - Cisco Firepower 8250 - Cisco Firepower 8260 - Cisco Firepower 8270 - Cisco Firepower 8290 - Cisco Firepower 8350 - Cisco Firepower 8360 - Cisco Firepower 8370 - Cisco Firepower 8390 - Cisco Firepower Management Center 1000 - Cisco Firepower Management Center 2000 - Cisco Firepower Management Center 2500 - Cisco Firepower Management Center 4000 - Cisco Firesight Management Center 1500 - Cisco Firesight Management Center 3500 - Cisco Firesight Management Center 750 -	28

Common Weakness Enumeration (CWE)

CWE-284 - Improper Access Control

Common Attack Pattern Enumeration and Classification (CAPEC)

Embedding Scripts within Scripts
An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20190821-FRPWR-TD-INFO.NASL
description	According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software, which could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen	2020-06-01
modified	2020-06-02
plugin id	128533
published	2019-09-06
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128533
title	Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(128533); script_version("1.2"); script_cvs_date("Date: 2019/10/17 14:31:04"); script_cve_id("CVE-2019-12627"); script_xref(name:"CISCO-BUG-ID", value:"CSCvo29989"); script_xref(name:"CISCO-SA", value:"cisco-sa-20190821-frpwr-td-info"); script_xref(name:"IAVA", value:"2019-A-0314"); script_name(english:"Cisco Firepower Threat Defense Software Information Disclosure Vulnerability"); script_summary(english:"Checks the version of Cisco Firepower Threat Defense Software."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software, which could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. Please see the included Cisco BIDs and Cisco Security Advisory for more information"); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a964af89"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo29989"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvo29989"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12627"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(284); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/06"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:firepower_threat_defense"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_keys("Host/Cisco/ASA", "Host/Cisco/show_ver", "Settings/ParanoidReport"); exit(0); } include('audit.inc'); include('misc_func.inc'); include('global_settings.inc'); if (report_paranoia < 2) audit(AUDIT_PARANOID); show_ver = get_kb_item_or_exit('Host/Cisco/show_ver'); app = 'Cisco Firepower Threat Defense'; ver = pregmatch(string:show_ver, pattern:"\sModel\s:\s+Cisco.Threat\s+Defense.Version\s+([0-9.]+)"); if (isnull(ver)) audit(AUDIT_HOST_NOT, app); ver = ver[1]; fix = '6.4.0.4'; if (ver_compare(ver:ver, fix:fix, strict:FALSE) != -1) audit(AUDIT_INST_VER_NOT_VULN, app, ver); report = '\n Bug : CSCvn77248' + '\n Installed version : ' + ver + '\n Fixed version : ' + fix; security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-frpwr-td-info