CVE-2019-1895

CWE-306 — Missing Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

2.4%

top 15.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Enterprise NFV Infrastructure Software Cisco Enterprise Network Function Virtualization Infrastructure

Timeline

PublishedAug 7

Latest updateMay 24

Description

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/enterprise_network_function_virtualization_infrastructure< 3.12.1

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwareunspecified — 3.12.1

🔴Vulnerability Details

GHSA

GHSA-4wqg-2gvp-c2c4: A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an u↗2022-05-24

▶

CVEList

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability↗2019-08-07

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability↗2019-08-07

▶