CVE-2019-1971

CWE-78OS Command InjectionCWE-20Improper Input Validation4 documents4 sources
Severity
9.8CRITICAL
EPSS
1.4%
top 19.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Enterprise NFV Infrastructure SoftwareCisco Enterprise Network Function Virtualization Infrastructure
Timeline
PublishedAug 8
Latest updateMay 24

Description

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-9fqx-8qp3-fpv5: A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a2022-05-24
CVEList
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability2019-08-08

📋Vendor Advisories

1
Cisco
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability2019-08-07
CVE-2019-1971 (CRITICAL CVSS 9.8) | A vulnerability in the web portal o | cvebase.io