CVE-2019-12623
Description
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.147
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability For Cisco Enterprise NFV Infrastructure Software | NCM |
| Insertion of Sensitive Information into Externally-Accessible File or Directory Vulnerability (CVE-2019-12623) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1700665 | Security Update for Cisco Enterprise NFV Infrastructure Software NFVIS-3.12.3 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234