Lucene search
+L

80 matches found

Prion
Prion
added 2022/05/04 5:15 p.m.19 views

Information disclosure

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

4.3CVSS7.6AI score0.10922EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/05/04 5:15 p.m.14 views

Information disclosure

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

9.3CVSS8.8AI score0.10173EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/04 5:5 p.m.13 views

CVE-2022-20779 Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

9.9CVSS7.2AI score0.10173EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/05/04 5:5 p.m.7 views

CVE-2022-20777 Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

9.9CVSS7.1AI score0.1076EPSS
Exploits1References2
CVE
CVE
added 2022/05/04 5:5 p.m.173 views

CVE-2022-20777

Cisco Enterprise NFV Infrastructure Software (NFVIS) contains multiple vulnerabilities (CVE-2022-20777/20779/20780) that could allow an attacker to escape from a guest VM to the host, execute root-level commands, or access host data. Root causes include insufficient guest restrictions (CVE-2022-2...

9.9CVSS9.8AI score0.1076EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.5 views

Cisco Enterprise NFV Infrastructure Software 输入验证错误漏洞

Cisco Enterprise NFV Infrastructure Software is a set of NVF infrastructure software platform from Cisco USA. The platform enables full lifecycle management of virtualization services through a central orchestrator and controller.Cisco Enterprise NFV Infrastructure Software is vulnerable to a...

9.9CVSS8.3AI score0.10173EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/09/02 3:5 a.m.46 views

CVE-2021-34746 Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability

A vulnerability in the TACACS+ authentication, authorization and accounting AAA feature of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to...

9.8CVSS9.9AI score0.17661EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/09/01 12:0 a.m.8 views

PT-2021-3906 · Cisco · Cisco Enterprise Nfv Infrastructure

Name of the Vulnerable Software and Affected Versions: Cisco Enterprise NFV Infrastructure Software NFVIS affected versions not specified Description: A vulnerability in the TACACS+ authentication feature could allow an unauthenticated, remote attacker to bypass authentication and log in to an...

9.8CVSS9.5AI score0.17661EPSS
Exploits1References7
OSV
OSV
added 2021/05/06 1:15 p.m.5 views

CVE-2021-1421

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...

7.8CVSS7.4AI score0.00666EPSS
Exploits0References1
NVD
NVD
added 2021/05/06 1:15 p.m.23 views

CVE-2021-1421

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...

7.8CVSS0.00666EPSS
Exploits0References1
Prion
Prion
added 2021/05/06 1:15 p.m.15 views

Command injection

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...

7.2CVSS7.9AI score0.00666EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/05/06 12:42 p.m.7 views

CVE-2021-1421 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...

7.8CVSS7.7AI score0.00666EPSS
Exploits0References1
CISA
CISA
added 2021/05/06 12:0 a.m.12 views

 Cisco Releases Security Updates for Multiple Products 

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...

8.2AI score
Exploits0References10
CNVD
CNVD
added 2021/01/14 12:0 a.m.9 views

Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability (CNVD-2021-05522)

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A cross-site scripting vulnerability exists in the web management interface ...

5.4CVSS6.4AI score0.00614EPSS
Exploits0References1
NVD
NVD
added 2021/01/13 10:15 p.m.20 views

CVE-2021-1127

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to improper input...

5.4CVSS5.2AI score0.00614EPSS
Exploits0References1
CVE
CVE
added 2021/01/13 9:20 p.m.64 views

CVE-2021-1127

Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface is affected by a cross-site scripting (XSS) vulnerability caused by improper input validation of log file contents. An authenticated attacker could modify a log file to include malicious code and persuade a user t...

5.4CVSS5.2AI score0.00614EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/04 3:15 a.m.18 views

CVE-2020-3478

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

8.1CVSS8.1AI score0.01213EPSS
Exploits0References1
OSV
OSV
added 2020/09/04 3:15 a.m.6 views

CVE-2020-3478

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

8.1CVSS7.3AI score0.01213EPSS
Exploits0References1
NVD
NVD
added 2020/09/04 3:15 a.m.22 views

CVE-2020-3365

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directo...

6.5CVSS5AI score0.01612EPSS
Exploits0References1
CISA
CISA
added 2020/09/03 12:0 a.m.11 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and...

7.8AI score
Exploits0References6
Rows per page
Query Builder