PT-2018-8843 · Cisco · Cisco Enterprise Nfv Infrastructure

Published

2018-10-05

Updated

2019-10-09

CVE-2018-0460

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description The issue is related to insufficient authorization and parameter validation checks in the REST API. An authenticated, remote attacker could exploit this by sending a malicious API request with low-privileged user credentials, potentially allowing them to read any file on the affected system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-863

Related Identifiers

CVE-2018-0460

Affected Products

Cisco Enterprise Nfv Infrastructure

PT-2018-8843 · Cisco · Cisco Enterprise Nfv Infrastructure

CVE-2018-0460

Weakness Enumeration

Related Identifiers

Affected Products

References · 3