CVE-2019-1953

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 57.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Enterprise NFV Infrastructure Software Cisco Enterprise Network Function Virtualization Infrastructure

Timeline

PublishedAug 8

Latest updateMay 24

Description

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwareunspecified — 3.9.1

▶NVDcisco/enterprise_network_function_virtualization_infrastructure< 3.9.1

🔴Vulnerability Details

GHSA

GHSA-ppgh-3fjj-h297: A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a pass↗2022-05-24

▶

CVEList

Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability↗2019-08-08

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability↗2019-08-07

▶