CVE-2020-3138

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)

Description The issue is related to insufficient signature validation in the upgrade component, allowing an attacker to install a malicious file. This could enable an attacker to upload crafted code to the affected device by providing a crafted upgrade file.

Recommendations For all affected versions, consider restricting access to the upgrade component until a fix is available. As a temporary workaround, avoid using the upgrade function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.