CVE-2018-0462 — Improper Input Validation in Cisco Enterprise NFV Infrastructure Software

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 43.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Enterprise NFV Infrastructure Software Cisco Enterprise Network Virtualization Software

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwaren/a

▶NVDcisco/enterprise_network_virtualization_softwarenfvis-6.0, nfvis-8.0+1

🔴Vulnerability Details

GHSA

GHSA-6p7c-p2rc-54vq: A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote atta↗2022-05-13

▶

CVEList

Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability↗2018-09-05

▶