File and Directory Information Exposure in Enterprise NFV Infrastructure Software - CVE-2019-12623
Published: August 26, 2019
Vulnerability identifier: #VU20389
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-12623
CWE-ID: CWE-538
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Enterprise NFV Infrastructure Software
Detailed vulnerability description
The vulnerability allows a remote attacker to perform file enumeration on an affected system.
The vulnerability exists in the web server functionality because the web server responds with different error codes for existing and non-existing files. A remote attacker can send specially crafted GET requests for different file names and enumerate files residing on the system.
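The following is an added example, not part of the advisory and not vendor code: a log check that flags clients whose failed GET requests span many distinct paths and drew more than one error status, which is the request pattern described above. The Common Log Format input, the addresses, paths and 403/404 codes, and the `min_paths` threshold are assumptions; the advisory does not name the error codes involved.

```python
import re
from collections import defaultdict

# Constructed sample in Common Log Format. Addresses, paths and status codes
# are made up for illustration; the advisory does not state the real codes.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Aug/2019:10:00:01 +0000] "GET /files/a.cfg HTTP/1.1" 404 0
192.0.2.10 - - [26/Aug/2019:10:00:01 +0000] "GET /files/b.cfg HTTP/1.1" 403 0
192.0.2.10 - - [26/Aug/2019:10:00:02 +0000] "GET /files/c.cfg HTTP/1.1" 404 0
192.0.2.10 - - [26/Aug/2019:10:00:02 +0000] "GET /files/d.cfg HTTP/1.1" 404 0
192.0.2.10 - - [26/Aug/2019:10:00:03 +0000] "GET /files/e.cfg HTTP/1.1" 403 0
198.51.100.7 - - [26/Aug/2019:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [26/Aug/2019:10:01:05 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

# client, requested path and status code of a GET request
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) ')


def find_enumeration(log_text, min_paths=5):
    """Return {client: sorted error statuses} for clients whose failed GETs
    cover at least min_paths distinct paths and drew more than one distinct
    error status, i.e. the responses could tell files apart."""
    paths = defaultdict(set)
    statuses = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET request or not in the assumed format
        client, path, status = m.group(1), m.group(2), int(m.group(3))
        if status >= 400:
            paths[client].add(path)
            statuses[client].add(status)
    return {
        client: sorted(statuses[client])
        for client in paths
        if len(paths[client]) >= min_paths and len(statuses[client]) > 1
    }


if __name__ == "__main__":
    for client, codes in find_enumeration(SAMPLE_LOG).items():
        print(f"{client}: possible file enumeration, error codes seen {codes}")
```

On a patched server that answers every failed lookup with the same code, the second condition no longer fires, so the check also serves as a quick regression signal after updating.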
How to mitigate CVE-2019-12623
Install updates from the vendor's website.