#VU52908 OS Command Injection in Enterprise NFV Infrastructure Software
Vulnerability identifier: #VU52908
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-78
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Enterprise NFV Infrastructure Software
Server applications /
Virtualization software
Vendor:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation passed to a configuration command. A local user in the restricted CLI can execute arbitrary commands on the underlying operating system (OS) with root privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw68627
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
