Lucene search
+L

80 matches found

Cisco
Cisco
added 2019/08/07 4:0 p.m.61 views

Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when...

6.5CVSS0.9AI score0.01492EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/07/16 12:0 a.m.7 views

The vulnerability of Cisco Enterprise NFV Infrastructure Software’s software infrastructure lies in improper validation of input data in NFVIS file system commands. This allows attackers to read or rewrite any files at will.

The vulnerability of Cisco Enterprise NFV Infrastructure Software’s software infrastructure is related to improper validation of input data in the file system’s command files. Exploiting this vulnerability allows a malicious actor to read or rewrite any arbitrary files remotely...

9CVSS5.6AI score0.03451EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/06 1:20 a.m.25 views

CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...

7.2CVSS7AI score0.03451EPSS
Exploits0References1
Cisco
Cisco
added 2019/07/03 4:0 p.m.128 views

Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...

7.2CVSS2.2AI score0.03451EPSS
Exploits0References1
CISA
CISA
added 2019/07/03 12:0 a.m.12 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

7AI score
Exploits0References10
NVD
NVD
added 2018/10/17 8:29 p.m.16 views

CVE-2018-15402

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

8.8CVSS6.6AI score0.00481EPSS
Exploits0References2
Prion
Prion
added 2018/10/17 8:29 p.m.17 views

Cross site request forgery (csrf)

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

6.8CVSS8.8AI score0.00481EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2018/10/17 8:0 p.m.9 views

CVE-2018-15402 Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

5.4CVSS7.2AI score0.00481EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/10/17 8:0 p.m.19 views

CVE-2018-15402 Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

5.4CVSS8.9AI score0.00481EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/10/05 2:0 p.m.9 views

CVE-2018-0460 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...

7AI score0.01895EPSS
Exploits0References2
CNVD
CNVD
added 2018/09/07 12:0 a.m.5 views

Cisco Enterprise NFV Infrastructure Software Input Validation Vulnerability

Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform can be achieved through the central coordinator and controller of the virtualization services of the full lifecycle management. An input validation vulnerability exists ...

6.8CVSS5.2AI score0.01477EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/09/06 12:0 a.m.55 views

Cisco Network NVF Infrastructure Software (NFVIS) Detection (HTTP)

HTTP based detection of Cisco Network NVF Infrastructure Software NFVIS. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0References1
Cisco
Cisco
added 2018/09/05 4:0 p.m.59 views

Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...

6.5CVSS0.9AI score0.01895EPSS
Exploits0References1
Symantec
Symantec
added 2018/08/14 12:0 a.m.135 views

Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability

Description Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Arista Extendible Operating System EOS 4.20.0F Arista Extendible Operating System EOS 4.20.1F Arista Extendible Operating...

7.8CVSS1.3AI score0.24575EPSS
Exploits0References4Affected Software52
NVD
NVD
added 2018/05/17 3:29 a.m.15 views

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

6.7CVSS7AI score0.00684EPSS
Exploits0References2
Prion
Prion
added 2018/05/17 3:29 a.m.20 views

Input validation

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

9CVSS8.7AI score0.04569EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2018/05/17 3:0 a.m.10 views

CVE-2018-0323

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker w...

6.5AI score0.01907EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/05/17 3:0 a.m.23 views

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

7AI score0.00684EPSS
Exploits0References2
Cisco
Cisco
added 2018/05/16 4:0 p.m.99 views

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

6.3CVSS1.8AI score0.04569EPSS
Exploits0References1
Cisco
Cisco
added 2018/05/16 4:0 p.m.57 views

Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

4.2CVSS2.7AI score0.00684EPSS
Exploits0References1
Rows per page
Query Builder