CVE-2018-0460 — Improper Authorization in Cisco Enterprise NFV Infrastructure Software

CWE-285 — Improper Authorization CWE-863 — Incorrect Authorization4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 21.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Enterprise NFV Infrastructure Software

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-9p9q-7f6c-m73r: A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file↗2022-05-13

▶

CVEList

Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability↗2018-09-05

▶