CVE-2019-1894

Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

CVSS 7.2 HIGHEPSS 3.5%CWE-20

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 3.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

06 Jul 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite or read arbitrary files on the underlying OS.

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Cisco · Cisco Enterprise NFV Infrastructure Software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-file-readwrite