CVE-2019-12697 MEDIUM

CVE-2019-12697: Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities

Vendor Cisco
Product Cisco FireSIGHT System Software
Weakness CWE-693
Published October 2, 2019
Last update November 19, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory.

Key dates

02Disclosure timeline

October 2, 2019 CVE published
November 19, 2024 Record updated