CVE-2019-1946

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 46.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Enterprise NFV Infrastructure Software Cisco Enterprise Network Function Virtualization Infrastructure

Timeline

PublishedAug 8

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwareunspecified — 3.10.1

▶NVDcisco/enterprise_network_function_virtualization_infrastructure< 3.10.1

🔴Vulnerability Details

GHSA

GHSA-6795-rmgw-89q2: A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote a↗2022-05-24

▶

CVEList

Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability↗2019-08-08

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability↗2019-08-07

▶