CVE-2019-1895

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description A vulnerability in the Virtual Network Computing (VNC) console implementation could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The issue is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this by intercepting an administrator VNC session request prior to login, potentially allowing them to watch the administrator console session or interact with it, thereby gaining admin access to the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.