cvelist/2019/12xxx/CVE-2019-12696.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2019-10-02T16:00:00-0700",
        "ID": "CVE-2019-12696",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco FireSIGHT System Software ",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "5.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-693"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20191002 Cisco Firepower System Software Detection Engine RTF and RAR Malware and File Policy Bypass Vulnerabilities",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-20191002-firepwr-bypass",
        "defect": [
            [
                "CSCvo70545",
                "CSCvp66222"
            ]
        ],
        "discovery": "INTERNAL"
    }
}