CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...

Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...

Cisco Enterprise NFV Infrastructure Software Input Validation Vulnerability (CNVD-2019-02750)

Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform can be achieved through the central coordinator and controller of the virtualization services of the full lifecycle management. An input validation vulnerability exists ...

CVE-2018-15402

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

Cross site request forgery (csrf)

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

CVE-2018-15402 Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

Cisco Network NVF Infrastructure Software (NFVIS) Detection (HTTP)

HTTP based detection of Cisco Network NVF Infrastructure Software NFVIS. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Input validation

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...