Cisco Enterprise Nfv Infrastructure Software vulnerabilities

CVE-2019-1984 [MEDIUM] CWE-20 CVE-2019-1984: A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attac

CVE-2019-1971 [CRITICAL] CWE-78 CVE-2019-1971: A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allo A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulne

CVE-2019-1973 [MEDIUM] CWE-79 CVE-2019-1973: A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker co

CVE-2019-1946 [MEDIUM] CWE-287 CVE-2019-1946: A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Softwar A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interf

CVE-2019-1952 [MEDIUM] CWE-22 CVE-2019-1952: A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an au A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vul

CVE-2019-1960 [MEDIUM] CWE-20 CVE-2019-1960: Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an auth Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2019-1953 [MEDIUM] CWE-532 CVE-2019-1953: A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allo A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequen

CVE-2019-1961 [MEDIUM] CWE-532 CVE-2019-1961: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could

CVE-2019-1959 [MEDIUM] CWE-20 CVE-2019-1959: Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an auth Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2019-1972 [MEDIUM] CWE-264 CVE-2019-1972: A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an

CVE-2019-1895 [CRITICAL] CWE-306 CVE-2019-1895: A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NF A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish

CVE-2019-1893 [HIGH] CWE-77 CVE-2019-1893: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker co

CVE-2019-1894 [HIGH] CWE-20 CVE-2019-1894: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploi

CVE-2019-1656 [MEDIUM] CWE-20 CVE-2019-1656: A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an au A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending craft

CVE-2018-15402 [HIGH] CWE-352 CVE-2018-15402: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticat A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a ta

CVE-2018-0460 [MEDIUM] CWE-285 CVE-2018-0460: A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the aut

CVE-2018-0462 [MEDIUM] CWE-20 CVE-2018-0462: A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by log

CVE-2018-0459 [MEDIUM] CWE-285 CVE-2018-0459: A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Softwar A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as

CVE-2018-0279 [HIGH] CWE-20 CVE-2018-0279: A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of comman

CVE-2018-0324 [MEDIUM] CWE-77 CVE-2018-0324: A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to pe A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exp