#VU14668 Improper input validation in Enterprise NFV Infrastructure Software - CVE-2018-0462
Vulnerability identifier: #VU14668
Vulnerability risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Enterprise NFV Infrastructure Software
Server applications /
Virtualization software
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote administrative attacker to cause DoS condition.
The vulnerability exists in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) due to insufficient validation of user-provided input. A remote attacker can log in with a highly privileged user account, perform a sequence of specific user management operations that interfere with the underlying operating system and permanently degrade the functionality of the affected system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Enterprise NFV Infrastructure Software: 6.0 - 8.0
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
