CVE-2019-12683 HIGH

CVE-2019-12683: Cisco Firepower Management Center SQL Injection Vulnerabilities

Vendor Cisco
Product Cisco Firepower Management Center
Weakness CWE-89 · SQLi
Published October 2, 2019
Last update November 20, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.

Key dates

02Disclosure timeline

October 2, 2019 CVE published
November 20, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-12612 School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection CVE-2025-11667 code-projects Automated Voting System add_candidate_modal.php. sql injection CVE-2025-11349 Campcodes Online Apartment Visitor Management System search-visitor.php sql injection CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection CVE-2026-2012 itsourcecode Student Management System index.php sql injection