CVE-2019-1984Improper Input Validation in Cisco Enterprise NFV Infrastructure Software

CWE-20Improper Input Validation5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.9%
top 23.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Enterprise NFV Infrastructure SoftwareCisco Enterprise Network Function Virtualization Infrastructure Sofware
Timeline
PublishedAug 21
Latest updateMay 24

Description

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwareunspecified3.12.1

🔴Vulnerability Details

2
GHSA
GHSA-gc6w-p352-79w8: A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker wit2022-05-24
CVEList
Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability2019-08-21

💥Exploits & PoCs

1
Exploit-DB
XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting2019-02-19

📋Vendor Advisories

1
Cisco
Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability2019-08-21
CVE-2019-1984 — Improper Input Validation in Cisco | cvebase