Cisco Enterprise Nfv Infrastructure Software vulnerabilities

CVE-2025-32433 [CRITICAL] CWE-306 CVE-2025-32433: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems a

CVE-2022-20929 [HIGH] CWE-347 CVE-2022-20929: A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Softwar A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by

CVE-2022-20777 [CRITICAL] CWE-284 CVE-2022-20777: Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an atta Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this ad

CVE-2022-20779 [CRITICAL] CWE-284 CVE-2022-20779: Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an atta Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this ad

CVE-2022-20780 [CRITICAL] CWE-284 CVE-2022-20780: Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an atta Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this ad

CVE-2021-34746 [CRITICAL] CWE-289 CVE-2021-34746: A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco E A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input th

CVE-2021-1421 [HIGH] CWE-78 CVE-2021-1421: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input d

CVE-2021-1127 [MEDIUM] CWE-79 CVE-2021-1127: A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Softwar A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input validation of log file content stored on the affected

CVE-2020-3470 [CRITICAL] CWE-119 CVE-2020-3470: Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP

CVE-2019-1894 [HIGH] CWE-20 CVE-2019-1894: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploi

CVE-2019-1893 [HIGH] CWE-77 CVE-2019-1893: A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker co

CVE-2019-1656 [MEDIUM] CWE-20 CVE-2019-1656: A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an au A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending craft

CVE-2018-0279 [HIGH] CWE-20 CVE-2018-0279: A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Soft A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulne