9 matches found
CVE-2019-1895
CVE-2019-1895 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) via an authentication bypass in the VNC console. The root cause is insufficient authentication for establishing a VNC session, enabling an unauthenticated, remote attacker to intercept an admin VNC session request before l...
CVE-2019-1973
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a cross-site scripting (XSS) vulnerability in its web portal framework. The issue arises from improper input validation of log file contents stored on the device, allowing an authenticated, remote attacker to craft a log file with mali...
CVE-2019-1952
CVE-2019-1952 concerns a path traversal vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS). The issue arises from improper input validation of CLI command arguments, allowing an authenticated, local attacker with valid administrator credentials to use directory trave...
CVE-2020-3236
CVE-2020-3236 (Cisco NFV Infrastructure Software NFVIS) – Path Traversal Description summary: A vulnerability in the NFVIS CLI allows an authenticated, local attacker with valid admin credentials to perform path traversal via CLI command arguments, potentially gaining root shell access and overwr...
CVE-2019-1953
CVE-2019-1953 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) web portal. The issue is due to incorrect logging of the admin password when a user is forced to modify the default password on first login, allowing an authenticated attacker to view the admin cleartext password. Impact i...
CVE-2019-1959
Cisco NFV Infrastructure Software (NFVIS) contains an Arbitrary File Read vulnerability (CVE-2019-1959) that can be exploited by an authenticated, local attacker to read arbitrary files on the underlying OS. The issue affects NFVIS versions prior to 3.11.1; root cause details are not fully disclo...
CVE-2019-1960
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains multiple arbitrary file read vulnerabilities that can be exploited by an authenticated, local attacker to read arbitrary files on the device’s underlying OS. Public sources (NVD/NVDC/CNVD) describe the issue as affecting NFVIS versions...
CVE-2019-1961
CVE-2019-1961 concerns Cisco Enterprise NFV Infrastructure Software (NFVIS). The issue arises from improper input validation of tar packages uploaded through the Web Portal to the Image Repository, enabling an authenticated, remote attacker to read arbitrary files on the device’s underlying OS. E...
CVE-2019-1946
CVE-2019-1946 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface. The issue is an authentication bypass in the web interface due to an incorrect authentication implementation. An unauthenticated, remote attacker could access the web UI, view limited config...