PT-2020-3844 · Cisco · Cisco Enterprise Nfv Infrastructure

Published: 2020-09-03 · Updated: 2021-10-19 · CVE-2020-3478

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco Enterprise NFV Infrastructure Software (NFVIS) (affected versions not specified)
Description: The issue is related to insufficient authorization enforcement in the REST API of the software, allowing an authenticated, remote attacker to overwrite certain files on an affected device. This could be achieved by uploading a file using the REST API, potentially degrading the functionality of the affected system. The vulnerability is also associated with inadequate input validation, which could enable a remote attacker to overwrite arbitrary files in the operating system of a vulnerable device.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-04206
CVE-2020-3478

Affected Products

Cisco Enterprise Nfv Infrastructure