CVE-2019-1972

CWE-2644 documents4 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 91.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Enterprise NFV Infrastructure Software Cisco Enterprise Network Function Virtualization Infrastructure

Timeline

PublishedAug 8

Latest updateMay 24

Description

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwareunspecified — n/a

▶NVDcisco/enterprise_network_function_virtualization_infrastructure3.6.3 — 3.10.3

🔴Vulnerability Details

GHSA

GHSA-42w8-3c74-8cp2: A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid admini↗2022-05-24

▶

CVEList

Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability↗2019-08-08

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability↗2019-08-07

▶