CVE-2019-1894

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGH

EPSS

2.5%

top 14.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Enterprise NFV Infrastructure Software Cisco Enterprise NFV Infrastructure Software

Timeline

PublishedJul 6

Latest updateMay 24

Description

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to ov…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwareunspecified — 3.10.1

▶NVDcisco/enterprise_nfv_infrastructure_software3.9.1

🔴Vulnerability Details

GHSA

GHSA-5x6v-ccmr-rp83: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to↗2022-05-24

▶

CVEList

Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability↗2019-07-06

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability↗2019-07-03

▶