14 matches found
CVE-2019-1895
CVE-2019-1895 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) via an authentication bypass in the VNC console. The root cause is insufficient authentication for establishing a VNC session, enabling an unauthenticated, remote attacker to intercept an admin VNC session request before l...
CVE-2019-1971
CVE-2019-1971 – Cisco NFVIS command-injection : The vulnerability is in the NFVIS web portal where insufficient input validation during authentication allows an unauthenticated, remote attacker to inject commands and execute arbitrary code with root privileges on the underlying OS. Connected sour...
CVE-2019-1973
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a cross-site scripting (XSS) vulnerability in its web portal framework. The issue arises from improper input validation of log file contents stored on the device, allowing an authenticated, remote attacker to craft a log file with mali...
CVE-2020-3138
CVE-2020-3138 affects Cisco Enterprise NFV Infrastructure Software (NFV NFVIS) upgrade component. The issue is due to insufficient signature verification in the upgrade process, allowing an authenticated, local attacker who can supply a crafted upgrade file to upload malicious code to an affected...
CVE-2020-3236
CVE-2020-3236 (Cisco NFV Infrastructure Software NFVIS) – Path Traversal Description summary: A vulnerability in the NFVIS CLI allows an authenticated, local attacker with valid admin credentials to perform path traversal via CLI command arguments, potentially gaining root shell access and overwr...
CVE-2019-1952
CVE-2019-1952 concerns a path traversal vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS). The issue arises from improper input validation of CLI command arguments, allowing an authenticated, local attacker with valid administrator credentials to use directory trave...
CVE-2019-1972
CVE-2019-1972 affects Cisco Enterprise NFV Infrastructure Software (NFVIS). A flaw in the restricted CLI allows an authenticated, local attacker with valid administrator credentials to escalate privileges and execute arbitrary commands as root due to insufficient restrictions during the execution...
CVE-2019-1953
CVE-2019-1953 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) web portal. The issue is due to incorrect logging of the admin password when a user is forced to modify the default password on first login, allowing an authenticated attacker to view the admin cleartext password. Impact i...
CVE-2019-1959
Cisco NFV Infrastructure Software (NFVIS) contains an Arbitrary File Read vulnerability (CVE-2019-1959) that can be exploited by an authenticated, local attacker to read arbitrary files on the underlying OS. The issue affects NFVIS versions prior to 3.11.1; root cause details are not fully disclo...
CVE-2019-1960
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains multiple arbitrary file read vulnerabilities that can be exploited by an authenticated, local attacker to read arbitrary files on the device’s underlying OS. Public sources (NVD/NVDC/CNVD) describe the issue as affecting NFVIS versions...
CVE-2019-1961
CVE-2019-1961 concerns Cisco Enterprise NFV Infrastructure Software (NFVIS). The issue arises from improper input validation of tar packages uploaded through the Web Portal to the Image Repository, enabling an authenticated, remote attacker to read arbitrary files on the device’s underlying OS. E...
CVE-2020-3365
CVE-2020-3365 concerns Cisco Enterprise NFV Infrastructure Software (NFVIS) where a flaw in directory-permission logic can let an authenticated, remote attacker perform a directory traversal in a limited set of restricted directories and potentially overwrite files. The issue arises from capabili...
CVE-2019-1946
CVE-2019-1946 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface. The issue is an authentication bypass in the web interface due to an incorrect authentication implementation. An unauthenticated, remote attacker could access the web UI, view limited config...
CVE-2020-3478
CVE-2020-3478 affects Cisco Enterprise NFV Infrastructure Software (NFVIS). The REST API vulnerability arises from insufficient authorization enforcement, allowing an authenticated remote attacker to upload a file via the REST API and overwrite restricted files, potentially degrading system funct...