How severe is CVE-2019-12691?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2019-12691?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2019-12691

MEDIUM Year: 2019

CVSS v3 Score

4.1

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass Cisco FMC Software security restrictions and gain access to the underlying filesystem of the affected device.

CVE-2020-15141

MEDIUM

CVSS:4.1(Medium)

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to...

CWE-222020

CVE-2023-41290

MEDIUM

CVSS:4.1(Medium)

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sens...

CWE-222023

CVE-2017-18824

MEDIUM

CVSS:4.0(Medium)

Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M430...

CWE-222017

CVE-2024-36795

MEDIUM

CVSS:4.0(Medium)

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.

CWE-222024

CVE-2024-54535

MEDIUM

CVSS:4.0(Medium)

A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders...

CWE-222024

CVE-2019-3828

MEDIUM

CVSS:4.2(Medium)

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible contr...

CWE-222019

CVE-2019-12691

Vulnerability Description

Related Vulnerabilities

CVE-2020-15141

CVE-2023-41290

CVE-2017-18824

CVE-2024-36795

CVE-2024-54535

CVE-2019-3828