CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-1895

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile5.09th
Published2019年8月7日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.

Affected Platforms (CPE)

📦
Cisco

Enterprise Network Function Virtualization Infrastructure

< 3.12.1

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-vnc-authbypass
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-vnc-authbypass

相關漏洞威脅

CVE-2019-19846.5

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated,...

CVE-2019-126234.3

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVI...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...