Cisco Enterprise Nfv Infrastructure vulnerabilities

CVE-2018-0323 Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability CVE-2018-0323: Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request

CVE-2022-20777 Cisco Enterprise NFV Infrastructure Software Vulnerabilities CVE-2022-20777: Cisco Enterprise NFV Infrastructure Software Vulnerabilities Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-284,

CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability CVE-2019-1894: Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input va

CVE-2021-1421 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability CVE-2021-1421: Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulne

CVE-2019-1960 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities CVE-2019-1960: Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the CVSS: 3.0 CWE: CWE-78, CWE-78 Bug IDs:

CVE-2018-0460 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability CVE-2018-0460: Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability

CVE-2022-20779 Cisco Enterprise NFV Infrastructure Software Vulnerabilities CVE-2022-20779: Cisco Enterprise NFV Infrastructure Software Vulnerabilities Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-284,

CVE-2021-34746 Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability CVE-2021-34746: Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incom

CVE-2018-0462 Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability CVE-2018-0462: Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker co

CVE-2019-1961 Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability CVE-2019-1961: Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded thr

CVE-2019-1895 Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability CVE-2019-1895: Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insuf