CVE-2019-12623

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:enterprise_network_functions_virtualization_infrastructure:*:*:*:*:*:*:*:*

Information

Published : 2019-08-21 11:15

Updated : 2019-10-09 16:45


NVD link : CVE-2019-12623

Mitre link : CVE-2019-12623


JSON object : View

CWE
CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

Advertisement

dedicated server usa

Products Affected

cisco

  • enterprise_network_functions_virtualization_infrastructure