CVE-2018-0279

CWE-20Improper Input ValidationCWE-78OS Command InjectionCWE-94Code Injection6 documents6 sources
Severity
8.8HIGH
EPSS
2.3%
top 15.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Enterprise NFV Infrastructure Software
Timeline
PublishedMay 17
Latest updateMay 13

Description

A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access w

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco_enterprise_nfv_infrastructure_softwareCisco Enterprise NFV Infrastructure Software

🔴Vulnerability Details

2
GHSA
GHSA-2534-25mr-h93h: A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote2022-05-13
CVEList
CVE-2018-0279: A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote2018-05-17

📋Vendor Advisories

2
Red Hat
RichFaces: Injection of arbitrary EL variable mapper allows to bypass mitigation of CVE-2015-0279 and thereby remote code execution2018-05-30
Cisco
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability2018-05-16

💬Community

1
Bugzilla
CVE-2018-12532 RichFaces: Injection of arbitrary EL variable mapper allows to bypass mitigation of CVE-2015-0279 and thereby remote code execution2018-05-31
CVE-2018-0279 (HIGH CVSS 8.8) | A vulnerability in the Secure Copy | cvebase.io