CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-1984

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile30.42th
Published2019年8月21日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying OS.

Affected Platforms (CPE)

📦
Cisco

Enterprise Network Function Virtualization Infrastructure Sofware

< 3.12.1

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-filewrite
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-filewrite

相关漏洞威胁

CVE-2019-1106110.0

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network t...

CVE-2019-1106310.0

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an...

CVE-2019-1264310.0

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote a...

CVE-2019-548510.0

NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected throu...