Cisco Enterprise NFV Infrastructure Software vulnerabilities
38 known vulnerabilities affecting cisco/cisco_enterprise_nfv_infrastructure_software.
Total CVEs: 38
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 9, MEDIUM 24
Vulnerabilities
Page 1 of 2
CVE-2026-20093 | CRITICAL | CVSS 9.8 | v4.1.1, v3.9.1, +67 more | 2026-04-01
CVE-2026-20093 [CRITICAL] CWE-20
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a
cvelistv5, nvd

CVE-2026-20085 | MEDIUM | CVSS 6.1 | v4.1.1, v3.9.1, +67 more | 2026-04-01
CVE-2026-20085 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a
cvelistv5, nvd

CVE-2026-20096 | MEDIUM | CVSS 6.5 | v4.1.1, v3.9.1, +67 more | 2026-04-01
CVE-2026-20096 [MEDIUM] CWE-77
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit thi
cvelistv5, nvd

CVE-2026-20090 | MEDIUM | CVSS 4.8 | v4.1.1, v3.9.1, +67 more | 2026-04-01
CVE-2026-20090 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd

CVE-2026-20095 | MEDIUM | CVSS 6.5 | v4.1.1, v3.9.1, +67 more | 2026-04-01
CVE-2026-20095 [MEDIUM] CWE-77
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit thi
cvelistv5, nvd

CVE-2026-20087 | MEDIUM | CVSS 4.8 | v4.1.1, v3.9.1, +68 more | 2026-04-01
CVE-2026-20087 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd

CVE-2026-20088 | MEDIUM | CVSS 4.8 | v4.1.1, v3.9.1, +67 more | 2026-04-01
CVE-2026-20088 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd

CVE-2026-20089 | MEDIUM | CVSS 4.8 | v4.1.1, v3.9.1, +67 more | 2026-04-01
CVE-2026-20089 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd

CVE-2022-20655 | HIGH | CVSS 8.8 | vN/A | 2024-11-15
CVE-2022-20655 [HIGH] CWE-78
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of
cvelistv5, nvd

CVE-2022-20929 | HIGH | CVSS 7.8 | v3.5.1, v3.5.2, +31 more | 2023-03-10
CVE-2022-20929 [HIGH] CWE-347
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload.
This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by
cvelistv5, nvd

CVE-2022-20777 | CRITICAL | CVSS 9.9 | vn/a | 2022-05-04
CVE-2022-20777 [CRITICAL] CWE-284
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this ad
cvelistv5, nvd

CVE-2022-20780 | HIGH | CVSS 7.4 | vn/a | 2022-05-04
CVE-2022-20780 [CRITICAL] CWE-284
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this ad
cvelistv5, nvd

CVE-2022-20779 | HIGH | CVSS 8.8 | vn/a | 2022-05-04
CVE-2022-20779 [CRITICAL] CWE-284
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this ad
cvelistv5, nvd

CVE-2021-34746 | CRITICAL | CVSS 9.8 | vn/a | 2021-09-02
CVE-2021-34746 [CRITICAL] CWE-289
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input th
cvelistv5, nvd

CVE-2021-1421 | HIGH | CVSS 7.8 | vn/a | 2021-05-06
CVE-2021-1421 [HIGH] CWE-78
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input d
cvelistv5, nvd

CVE-2021-1127 | MEDIUM | CVSS 5.4 | vn/a | 2021-01-13
CVE-2021-1127 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input validation of log file content stored on the affected
cvelistv5, nvd

CVE-2020-3478 | HIGH | CVSS 8.1 | vn/a | 2020-09-04
CVE-2020-3478 [HIGH] CWE-20
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading
cvelistv5, nvd

CVE-2020-3365 | MEDIUM | CVSS 6.5 | vn/a | 2020-09-04
CVE-2020-3365 [MEDIUM] CWE-22
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerab
cvelistv5, nvd

CVE-2020-3236 | MEDIUM | CVSS 6.7 | vn/a | 2020-06-18
CVE-2020-3236 [MEDIUM] CWE-22
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI comman
cvelistv5, nvd

CVE-2019-12623 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 3.12.1 | 2019-08-21
CVE-2019-12623 [MEDIUM] CWE-538
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An
cvelistv5, nvd