RCE in Cisco Firepower 4100 Series Next-generation Firewalls
CVE-2019-1611
A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to ins…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.001 (24.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Cisco Firepower 4100 Series Next-generation Firewalls — versions unspecified, unspecified, unspecified
- Cisco Firepower 9300 Security Appliance — versions unspecified, unspecified, unspecified
- Cisco Mds 9000 Series Multilayer Switches — versions unspecified, unspecified
- Cisco Nexus 2000, 5500, 5600, And 6000 Series Switches — versions unspecified, unspecified
- Cisco Nexus 3000 Series Switches — versions unspecified, unspecified
- Cisco Nexus 3500 Platform Switches — versions unspecified
- Cisco Nexus 3600 Platform Switches — versions unspecified
- Cisco Nexus 7000 And 7700 Series Switches — versions unspecified, unspecified, unspecified
- Cisco Nexus 9000 Series Switches In Standalone Nx-os Mode — versions unspecified, unspecified
- Cisco Nexus 9500 R-series Line Cards And Fabric Modules — versions unspecified
Weakness classification (CWE)
References
- 107381 (vdb-entry, x_refsource_BID)
- 20190306 Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611) (vendor-advisory, x_refsource_CISCO)
Frequently asked questions
- What is CVE-2019-1611?
- CVE-2019-1611 is a medium-severity vulnerability in Cisco Firepower 4100 Series Next-generation Firewalls, classified under Command Injection. CVSS score: 4.2/10. Published 2019-03-11.
- How severe is CVE-2019-1611?
- Medium severity. CVSS v3 base score is 4.2 out of 10.