CVE-2021-1127

Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface is affected by a cross-site scripting (XSS) vulnerability caused by improper input validation of log file contents. An authenticated attacker could modify a log file to include malicious code and persuade a user t...

CVE-2020-3365

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directo...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and...

CVE-2020-3236

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability (CNVD-2020-41804)

Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform can be achieved through the central coordinator and controller of the virtualization services of the full lifecycle management. A path traversal vulnerability exists in...

Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A remote code execution vulnerability exists in the upgrade component of Cis...

The vulnerability of the implementation of backup and recovery operations for software that manages virtual infrastructure like VMware vCenter Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the implementation of backup and recovery operations for software that manages virtual infrastructure like VMware vCenter Server Appliance is related to deficiencies in verifying the authenticity of certificates. Exploiting this vulnerability can allow an attacker, operating...

The vulnerability of the implementation of backup and recovery operations for software that manages virtual infrastructure like VMware vCenter Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the implementation of backup and data restoration operations for software that manages virtual infrastructure like VMware vCenter Server Appliance is related to deficiencies in verifying the authenticity of certificates. Exploiting this vulnerability can allow an attacker,...

The vulnerability of Cisco Enterprise NFV Infrastructure Software (NFVIS) lies in errors during the validation of input data in the file system commands of NFVIS. This allows a malicious actor to re-record any files in the operating system of the vulnerable device.

The vulnerability of Cisco Enterprise NFV Infrastructure Software NFVIS is related to errors in checking input data within the file system commands of NFVIS. Exploiting this vulnerability could allow a malicious actor to re-write any files in the operating system of the vulnerable device...

The vulnerability of the command-line interface (CLI) of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the command-line interface CLI of Cisco Enterprise NFV Infrastructure Software NFVIS is related to insufficient testing of arguments passed to certain CLI commands. Exploiting this vulnerability could allow a attacker to execute arbitrary commands with root privileges...

Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability

Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS is a set of Linux-based infrastructure software from Cisco. The software is mainly used for designing, deploying and managing network services and dynamically deploying virtualized network functions on supported Cisco...

The vulnerability in the software infrastructure of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of Cisco Enterprise NFV Infrastructure Software NFVIS related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands with root privileges...

The vulnerability of the remote access system for the Virtual Network Computing software infrastructure of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a hacker to increase their privileges.

The vulnerability of the remote access system of Cisco Enterprise NFV Infrastructure Software NFVIS is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker operating remotely to increase their privileges...

CVE-2019-1946 Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A VNC authentication bypass vulnerability exists in the Virtual Network...

CVE-2019-1895

CVE-2019-1895 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) via an authentication bypass in the VNC console. The root cause is insufficient authentication for establishing a VNC session, enabling an unauthenticated, remote attacker to intercept an admin VNC session request before l...

PT-2019-2935 · Cisco · Cisco Enterprise Nfv Infrastructure

Name of the Vulnerable Software and Affected Versions: Cisco Enterprise NFV Infrastructure Software NFVIS affected versions not specified Description: A vulnerability in the Virtual Network Computing VNC console implementation could allow an unauthenticated, remote attacker to access the VNC...

The vulnerability of Cisco Enterprise NFV Infrastructure Software’s software infrastructure lies in improper validation of input data in NFVIS file system commands. This allows attackers to read or rewrite any files at will.

The vulnerability of Cisco Enterprise NFV Infrastructure Software’s software infrastructure is related to improper validation of input data in the file system’s command files. Exploiting this vulnerability allows a malicious actor to read or rewrite any arbitrary files remotely...

Input validation

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...

Input validation

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...