Filtered by vendor Cisco
Subscribe
Filtered by product Network Functions Virtualization Infrastructure
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-0324 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2020-09-04 | 4.6 MEDIUM | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device. Cisco Bug IDs: CSCvi09723. | |||||
CVE-2018-0459 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2019-10-09 | 6.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system. | |||||
CVE-2018-0460 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2019-10-09 | 6.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system. | |||||
CVE-2018-0323 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631. |