#VU20389 File and Directory Information Exposure in Enterprise NFV Infrastructure Software - CVE-2019-12623

 

Published: August 26, 2019


Vulnerability identifier: #VU20389
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-12623
CWE-ID: CWE-538
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Enterprise NFV Infrastructure Software
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform file enumeration on an affected system.

The vulnerability exists in the web server functionality because the web server responds with different error codes for existing and non-existing files. A remote attacker can send specially crafted GET requests for different file names and enumerate files residing on the system.
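Detection logic for the behaviour described above, added here as an example and not taken from the advisory or from the vendor: it scans a web access log for clients whose failed GET requests cover many distinct paths and return more than one error status. The log format, the 403/404 status codes, the paths, the addresses and the threshold are assumptions; the advisory does not state which error codes the server returns.

```python
import re
from collections import defaultdict

# Constructed sample log (combined log format); not captured from a real device.
# Assumption: 403 stands for "file exists" and 404 for "file does not exist".
SAMPLE_LOG = """\
198.51.100.7 - user1 [26/Aug/2019:10:00:01 +0000] "GET /x/file1.txt HTTP/1.1" 404 153
198.51.100.7 - user1 [26/Aug/2019:10:00:01 +0000] "GET /x/file2.txt HTTP/1.1" 404 153
198.51.100.7 - user1 [26/Aug/2019:10:00:02 +0000] "GET /x/file3.txt HTTP/1.1" 403 162
198.51.100.7 - user1 [26/Aug/2019:10:00:02 +0000] "GET /x/file3.txt HTTP/1.1" 403 162
198.51.100.7 - user1 [26/Aug/2019:10:00:03 +0000] "GET /x/file4.txt HTTP/1.1" 404 153
198.51.100.7 - user1 [26/Aug/2019:10:00:03 +0000] "GET /x/file5.txt HTTP/1.1" 403 162
198.51.100.7 - user1 [26/Aug/2019:10:00:04 +0000] "GET /x/file6.txt HTTP/1.1" 404 153
192.0.2.5 - - [26/Aug/2019:10:05:00 +0000] "GET /old/a.png HTTP/1.1" 404 153
192.0.2.5 - - [26/Aug/2019:10:05:01 +0000] "GET /old/b.png HTTP/1.1" 404 153
192.0.2.5 - - [26/Aug/2019:10:05:02 +0000] "GET /old/c.png HTTP/1.1" 404 153
192.0.2.5 - - [26/Aug/2019:10:05:03 +0000] "GET /old/d.png HTTP/1.1" 404 153
192.0.2.5 - - [26/Aug/2019:10:05:04 +0000] "GET /old/e.png HTTP/1.1" 404 153
203.0.113.20 - user2 [26/Aug/2019:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.20 - user2 [26/Aug/2019:10:06:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153
"""

# client address, requested path and response status of a GET request
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) ')

def find_enumeration(log_text, min_paths=5):
    """Return {client: {status: distinct_path_count}} for clients whose failed
    GETs span at least min_paths distinct paths AND more than one error status,
    i.e. clients that received the distinguishing signal the advisory describes."""
    seen = defaultdict(set)                          # client -> failed paths
    codes = defaultdict(lambda: defaultdict(int))    # client -> status -> count
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                 # not a GET or malformed line
        client, path, status = m.group(1), m.group(2), int(m.group(3))
        if status < 400 or path in seen[client]:
            continue                                 # success or repeated path
        seen[client].add(path)
        codes[client][status] += 1
    return {c: dict(codes[c]) for c in seen
            if len(seen[c]) >= min_paths and len(codes[c]) > 1}

if __name__ == "__main__":
    for client, by_status in find_enumeration(SAMPLE_LOG).items():
        print(client, by_status)
```

A client that only ever receives one error status, such as a crawler following dead links, is not reported; tune `min_paths` to the normal error rate of the deployment.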

Remediation

Install updates from vendor's website.
