4 matches found
CVE-2018-0324
Summary: CVE-2018-0324 is a local command-injection vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) CLI due to insufficient input validation in the CLI parser. An authenticated, high-privilege, local attacker could trigger a vulnerable CLI command with crafted parameters to ...
CVE-2018-0323
CVE-2018-0323 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Management Interface. The vulnerability arises from insufficient validation of web request parameters, enabling an authenticated, remote attacker to perform a path traversal attack and potentially access sensitive info...
CVE-2018-0460
CVE-2018-0460 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) REST API. The vulnerability arises from insufficient authorization and parameter validation, enabling an authenticated, remote attacker to read arbitrary files on an affected system. Exploitation requires the attacker to u...
CVE-2018-0459
CVE-2018-0459 concerns Cisco Enterprise NFV Infrastructure Software (NFVIS) where the web‑based management interface has insufficient server‑side authorization checks. An authenticated, low‑privileged user can send a crafted HTTP request and potentially reboot or shut down the affected system, im...