CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1984

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile30.42th
PublishedAug 21, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying OS.

Affected Platforms (CPE)

📦
Cisco

Enterprise Network Function Virtualization Infrastructure Sofware

< 3.12.1

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-filewrite
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-filewrite

Related Vulnerabilities

CVE-2019-1264310.0

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote a...

CVE-2019-1106110.0

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network t...

CVE-2019-1302010.0

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse....

CVE-2019-1106310.0

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an...