CVE-2019-1971

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The issue is due to insufficient input validation by the web portal framework. An attacker could exploit this by providing malicious input during web portal authentication, potentially allowing the execution of arbitrary commands with root privileges on the underlying operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.