CVE-2020-3478 — Improper Input Validation in Cisco Enterprise Network Function Virtualization Infrastructure

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.5%

top 32.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Enterprise Network Function Virtualization Infrastructure Cisco Enterprise NFV Infrastructure Software

Timeline

PublishedSep 4

Latest updateMay 24

Description

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality o…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_softwaren/a

▶NVDcisco/enterprise_network_function_virtualization_infrastructure3.5.1 — 4.1.2

🔴Vulnerability Details

GHSA

GHSA-pj8h-h42m-ghq2: A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite cer↗2022-05-24

▶

CVEList

Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability↗2020-09-04

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability↗2020-09-02

▶