PT-2019-3078 · Cisco · Cisco Enterprise Nfv Infrastructure

Published

2019-08-07

Updated

2021-10-29

CVE-2019-1952

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-22

Related Identifiers

BDU:2019-03060

CVE-2019-1952

Affected Products

Cisco Enterprise Nfv Infrastructure

PT-2019-3078 · Cisco · Cisco Enterprise Nfv Infrastructure

CVE-2019-1952

Weakness Enumeration

Related Identifiers

Affected Products

References · 5