Lucene search
+L

80 matches found

nvd
nvd
added 2020/06/18 3:15 a.m.26 views

CVE-2020-3236

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

7.2CVSS0.00467EPSS
Exploits0References1
prion
prion
added 2020/02/19 8:15 p.m.13 views

Authorization

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...

7.2CVSS6.4AI score0.00207EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2020/02/19 7:15 p.m.6 views

CVE-2020-3138 Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...

6.7AI score0.00207EPSS
Exploits0References1
cisco
cisco
added 2020/02/19 4:0 p.m.45 views

Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...

6.7CVSS1.6AI score0.00207EPSS
Exploits0References1
nvd
nvd
added 2019/08/08 8:15 a.m.16 views

CVE-2019-1960

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to read arbitrary files on the underlying operating system OS of an affected device. For more information about these vulnerabilities, see the Details section of this adviso...

4.4CVSS4.8AI score0.00351EPSS
Exploits0References1
nvd
nvd
added 2019/08/08 8:15 a.m.12 views

CVE-2019-1961

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the W...

6.8CVSS5.1AI score0.01892EPSS
Exploits0References1
osv
osv
added 2019/08/08 8:15 a.m.5 views

CVE-2019-1961

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the W...

4.9CVSS5.9AI score0.01892EPSS
Exploits0References1
prion
prion
added 2019/08/08 8:15 a.m.12 views

Input validation

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the W...

6.8CVSS5.1AI score0.01892EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/08/08 7:35 a.m.13 views

CVE-2019-1971 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web...

8.1CVSS10AI score0.03578EPSS
Exploits0References1
cvelist
cvelist
added 2019/08/08 7:25 a.m.20 views

CVE-2019-1952 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...

6.7CVSS6.5AI score0.00716EPSS
Exploits0References1
cvelist
cvelist
added 2019/08/08 7:20 a.m.18 views

CVE-2019-1946 Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

6.5CVSS6.7AI score0.01443EPSS
Exploits0References1
cisa
cisa
added 2019/08/08 12:0 a.m.11 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

7.7AI score
Exploits0References7
cnvd
cnvd
added 2019/08/08 12:0 a.m.3 views

Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. An arbitrary file read vulnerability exists in Cisco Enterprise NFV...

4.4CVSS6.7AI score0.00351EPSS
Exploits0References1
cnvd
cnvd
added 2019/08/08 12:0 a.m.3 views

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability (CNVD-2019-38857)

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A path traversal vulnerability exists in the CLI for Cisco Enterprise NFV...

6.7CVSS7AI score0.00716EPSS
Exploits0References1
cnvd
cnvd
added 2019/08/08 12:0 a.m.4 views

Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A Web Portal Arbitrary File Read vulnerability exists in Cisco Enterprise NF...

6.8CVSS6.8AI score0.01892EPSS
Exploits0References1
cve
cve
added 2019/08/07 8:55 p.m.106 views

CVE-2019-1895

CVE-2019-1895 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) via an authentication bypass in the VNC console. The root cause is insufficient authentication for establishing a VNC session, enabling an unauthenticated, remote attacker to intercept an admin VNC session request before l...

9.8CVSS9.7AI score0.02285EPSS
Exploits0References1Affected Software1
cisco
cisco
added 2019/08/07 4:0 p.m.61 views

Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when...

6.5CVSS0.9AI score0.01492EPSS
Exploits0References1
cisco
cisco
added 2019/08/07 4:0 p.m.74 views

Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability the Cisco Enterprise NFV Infrastructure Software NFVIS restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...

6.7CVSS3.6AI score0.00499EPSS
Exploits0References1
cisco
cisco
added 2019/08/07 4:0 p.m.64 views

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

A vulnerability in the Virtual Network Computing VNC console implementation of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an...

9.8CVSS1.5AI score0.02285EPSS
Exploits0References1
cisco
cisco
added 2019/08/07 4:0 p.m.66 views

Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

6.5CVSS1.8AI score0.01443EPSS
Exploits0References1
Rows per page
Query Builder