Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2019-1984 CVE-2019-12623 |
CWE-ID | CWE-20 CWE-538 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Enterprise NFV Infrastructure Software Server applications / Virtualization software |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU20383
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1984
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite files on the underlying operating system (OS) of an affected device.
The vulnerability exists due to improper input validation in an NFVIS file-system command. A remote authenticated administrator can use specially crafted variables during the execution of an affected command and overwrite arbitrary files on the underlying OS.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEnterprise NFV Infrastructure Software: before 3.12.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-filewrite
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU20389
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-12623
CWE-ID:
CWE-538 - File And Directory Information Exposure
Exploit availability: No
DescriptionInstall updates from vendor's website.
Vulnerable software versionsEnterprise NFV Infrastructure Software: before 3.12.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.