CVE-2019-1893

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (affected versions not specified)

Description The issue is related to insufficient input validation of a configuration file accessible to a local shell user. This could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. The attacker could exploit this by including malicious input during the execution of the configuration file.

Recommendations For Cisco Enterprise NFV Infrastructure Software, ensure proper validation of input for configuration files to prevent malicious commands from being executed. As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.