Network Functions Virtualization Infrastructure Security Vulnerabilities - 2018

CVE-2018-0323

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker w...

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

CVE-2018-0459

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who ...

CVE-2018-0460

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulner...