CVE-2019-12623: Insertion of Sensitive Information into Externally-Accessible File or Directory in Cisco Enterprise NFV Infrastructure Software

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 64.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 21; Latest update May 24

Description

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerat

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Vulnerability Details

GHSA (2022-05-24): GHSA-r46v-fwc3-fp9x: A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an au
CVEList (2019-08-21): Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability

Vendor Advisories

Cisco (2019-08-21): Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability