CVE-2019-1894

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (affected versions not specified)

Description The issue is related to improper input validation in NFVIS filesystem commands, which could allow a remote attacker with administrator privileges to read or overwrite arbitrary files on the underlying operating system of an affected device. The attacker could exploit this by using crafted variables during the execution of an affected command.

Recommendations For Cisco Enterprise NFV Infrastructure Software, consider restricting access to NFVIS filesystem commands until a patch is available. As a temporary workaround, avoid using crafted variables during the execution of affected commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.