CVE-2018-0324

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description A command injection attack is possible due to insufficient input validation of command parameters in the CLI parser. An attacker could invoke a vulnerable CLI command with crafted malicious parameters to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.