Cisco Enterprise Nfv Infrastructure vulnerabilities

CVE-2018-0459 Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability CVE-2018-0459: Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to th

CVE-2019-1971 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability CVE-2019-1971: Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. A

CVE-2020-3365 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability CVE-2020-3365: Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attac

CVE-2021-1127 Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability CVE-2021-1127: Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input validation

CVE-2020-3236 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability CVE-2020-3236: Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper

CVE-2020-3478 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability CVE-2020-3478: Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could explo

CVE-2019-1656 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability CVE-2019-1656: Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could expl

CVE-2019-1952 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability CVE-2019-1952: Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An

CVE-2020-3138 Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability CVE-2020-3138: Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a

CVE-2022-20929 Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability CVE-2022-20929: Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification

CVE-2019-1959 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities CVE-2019-1959: Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the CVSS: 3.0 CWE: CWE-78, CWE-78 Bug IDs:

CVE-2019-1893 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability CVE-2019-1893: Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root . The vulnerability is due to insufficient input validation of a configuration file that is accessib

CVE-2019-1946 Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability CVE-2019-1946: Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. Th

CVE-2019-1953 Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability CVE-2019-1953: Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web

CVE-2019-1972 Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability CVE-2019-1972: Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root . The vulnerability is due to insuffici

CVE-2019-1973 Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability CVE-2019-1973: Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file content s

CVE-2022-20780 Cisco Enterprise NFV Infrastructure Software Vulnerabilities CVE-2022-20780: Cisco Enterprise NFV Infrastructure Software Vulnerabilities Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-284,

CVE-2018-0279 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability CVE-2018-0279: Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command argume

CVE-2018-0324 Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability CVE-2018-0324: Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit

CVE-2018-15402 Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability CVE-2018-15402: Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An atta