25 matches found
EUVD-2018-1283
Malware in sbrugna...
EUVD-2018-7280
Malware in sbrugna...
EUVD-2019-10518
Malware in sbrugna...
EUVD-2019-10516
Malware in sbrugna...
EUVD-2020-24636
Malware in sbrugna...
EUVD-2022-26029
Malicious code in bioql PyPI...
Cisco Releases Security Updates for Enterprise NFV Infrastructure Software
Cisco has released security updates to address multiple vulnerabilities in Enterprise NFV Infrastructure Software. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Cisco advisory cisco-sa-NFVIS-MUL-7DySRX9 an...
Information disclosure
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20779 Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20777
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains multiple vulnerabilities (CVE-2022-20777/20779/20780) that could allow an attacker to escape from a guest VM to the host, execute root-level commands, or access host data. Root causes include insufficient guest restrictions (CVE-2022-2...
CVE-2021-34746 Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
A vulnerability in the TACACS+ authentication, authorization and accounting AAA feature of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to...
CVE-2021-1421
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
CVE-2021-1127
Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface is affected by a cross-site scripting (XSS) vulnerability caused by improper input validation of log file contents. An authenticated attacker could modify a log file to include malicious code and persuade a user t...
CVE-2020-3365
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directo...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and...
CVE-2020-3236
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...
CVE-2019-1946 Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...
CVE-2019-1895
CVE-2019-1895 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) via an authentication bypass in the VNC console. The root cause is insufficient authentication for establishing a VNC session, enabling an unauthenticated, remote attacker to intercept an admin VNC session request before l...
The vulnerability of Cisco Enterprise NFV Infrastructure Software’s software infrastructure lies in improper validation of input data in NFVIS file system commands. This allows attackers to read or rewrite any files at will.
The vulnerability of Cisco Enterprise NFV Infrastructure Software’s software infrastructure is related to improper validation of input data in the file system’s command files. Exploiting this vulnerability allows a malicious actor to read or rewrite any arbitrary files remotely...
Cross site request forgery (csrf)
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...