VDB

CVE-2019-12674

CVE-2019-12674 PUBLISHED CVSS 8.199999809265137 HIGH

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.

EPSS 0.03% · 9.0th percentile

Risk Scores

CVSS 3.0
8.199999809265137
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.03%
9.0th percentile

Affected Products

VendorProductVersions
ciscofirepower_4120_firmware
ciscofirepower_4145_firmware
CiscoCisco Firepower Threat Defense Softwareunspecified
ciscofirepower_4125_firmware
ciscofirepower_4115_firmware
ciscofirepower_9300_firmware
ciscofirepower_threat_defense0
ciscofirepower_4150_firmware
ciscofirepower_4140_firmware
ciscofirepower_4110_firmware

Exploit Intelligence

Timeline

  • Oct 2, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›