CVE-2020-3138
published 2020-02-19CVE-2020-3138: A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | enterprise_network_function_virtualization_infrastructure | <= 3.11.1 | — |
| cisco | enterprise_nfv_infrastructure | — | — |
| cisco | na | >= unspecified < n/a | n/a |