Lucene search
K
CiscoEnterprise Network Function Virtualization Infrastructure

14 matches found

CVE
CVE
added 2019/08/07 8:55 p.m.105 views

CVE-2019-1895

CVE-2019-1895 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) via an authentication bypass in the VNC console. The root cause is insufficient authentication for establishing a VNC session, enabling an unauthenticated, remote attacker to intercept an admin VNC session request before l...

9.8CVSS9.7AI score0.02285EPSS
CVE
CVE
added 2019/08/08 7:35 a.m.67 views

CVE-2019-1971

CVE-2019-1971 – Cisco NFVIS command-injection : The vulnerability is in the NFVIS web portal where insufficient input validation during authentication allows an unauthenticated, remote attacker to inject commands and execute arbitrary code with root privileges on the underlying OS. Connected sour...

10CVSS9.1AI score0.03578EPSS
CVE
CVE
added 2019/08/08 7:40 a.m.67 views

CVE-2019-1973

Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a cross-site scripting (XSS) vulnerability in its web portal framework. The issue arises from improper input validation of log file contents stored on the device, allowing an authenticated, remote attacker to craft a log file with mali...

4.8CVSS5AI score0.00804EPSS
CVE
CVE
added 2020/02/19 7:15 p.m.64 views

CVE-2020-3138

CVE-2020-3138 affects Cisco Enterprise NFV Infrastructure Software (NFV NFVIS) upgrade component. The issue is due to insufficient signature verification in the upgrade process, allowing an authenticated, local attacker who can supply a crafted upgrade file to upload malicious code to an affected...

7.2CVSS6.4AI score0.00207EPSS
CVE
CVE
added 2020/06/18 2:21 a.m.58 views

CVE-2020-3236

CVE-2020-3236 (Cisco NFV Infrastructure Software NFVIS) – Path Traversal Description summary: A vulnerability in the NFVIS CLI allows an authenticated, local attacker with valid admin credentials to perform path traversal via CLI command arguments, potentially gaining root shell access and overwr...

7.2CVSS6.7AI score0.00467EPSS
CVE
CVE
added 2019/08/08 7:25 a.m.57 views

CVE-2019-1952

CVE-2019-1952 concerns a path traversal vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS). The issue arises from improper input validation of CLI command arguments, allowing an authenticated, local attacker with valid administrator credentials to use directory trave...

6.7CVSS6.4AI score0.00716EPSS
CVE
CVE
added 2019/08/08 7:35 a.m.56 views

CVE-2019-1972

CVE-2019-1972 affects Cisco Enterprise NFV Infrastructure Software (NFVIS). A flaw in the restricted CLI allows an authenticated, local attacker with valid administrator credentials to escalate privileges and execute arbitrary commands as root due to insufficient restrictions during the execution...

7.2CVSS6.8AI score0.00499EPSS
CVE
CVE
added 2019/08/08 7:30 a.m.53 views

CVE-2019-1953

CVE-2019-1953 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) web portal. The issue is due to incorrect logging of the admin password when a user is forced to modify the default password on first login, allowing an authenticated attacker to view the admin cleartext password. Impact i...

6.5CVSS6.5AI score0.01492EPSS
CVE
CVE
added 2019/08/08 7:35 a.m.52 views

CVE-2019-1959

Cisco NFV Infrastructure Software (NFVIS) contains an Arbitrary File Read vulnerability (CVE-2019-1959) that can be exploited by an authenticated, local attacker to read arbitrary files on the underlying OS. The issue affects NFVIS versions prior to 3.11.1; root cause details are not fully disclo...

4.4CVSS4.7AI score0.00351EPSS
CVE
CVE
added 2019/08/08 7:35 a.m.50 views

CVE-2019-1960

Cisco Enterprise NFV Infrastructure Software (NFVIS) contains multiple arbitrary file read vulnerabilities that can be exploited by an authenticated, local attacker to read arbitrary files on the device’s underlying OS. Public sources (NVD/NVDC/CNVD) describe the issue as affecting NFVIS versions...

4.4CVSS4.7AI score0.00351EPSS
CVE
CVE
added 2019/08/08 7:35 a.m.50 views

CVE-2019-1961

CVE-2019-1961 concerns Cisco Enterprise NFV Infrastructure Software (NFVIS). The issue arises from improper input validation of tar packages uploaded through the Web Portal to the Image Repository, enabling an authenticated, remote attacker to read arbitrary files on the device’s underlying OS. E...

6.8CVSS5.1AI score0.01892EPSS
CVE
CVE
added 2020/09/04 2:26 a.m.48 views

CVE-2020-3365

CVE-2020-3365 concerns Cisco Enterprise NFV Infrastructure Software (NFVIS) where a flaw in directory-permission logic can let an authenticated, remote attacker perform a directory traversal in a limited set of restricted directories and potentially overwrite files. The issue arises from capabili...

6.5CVSS5AI score0.01612EPSS
CVE
CVE
added 2019/08/08 7:20 a.m.47 views

CVE-2019-1946

CVE-2019-1946 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface. The issue is an authentication bypass in the web interface due to an incorrect authentication implementation. An unauthenticated, remote attacker could access the web UI, view limited config...

6.5CVSS6.7AI score0.01443EPSS
CVE
CVE
added 2020/09/04 2:25 a.m.46 views

CVE-2020-3478

CVE-2020-3478 affects Cisco Enterprise NFV Infrastructure Software (NFVIS). The REST API vulnerability arises from insufficient authorization enforcement, allowing an authenticated remote attacker to upload a file via the REST API and overwrite restricted files, potentially degrading system funct...

8.1CVSS8.1AI score0.01213EPSS