CVE-2019-12674 vulnerability in Cisco Products
Published on October 2, 2019
Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.
Weakness Type
What is a Container Errors Vulnerability?
This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.
CVE-2019-12674 has been classified to as a Container Errors vulnerability or weakness.
Products Associated with CVE-2019-12674
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12674 are published in these products:
Affected Versions
Cisco Firepower Threat Defense Software:- Version unspecified and below n/a is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.