CVE-2019-1894
Description
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite or read arbitrary files on the underlying OS.
Risk Information
Base Score
7.2
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.549
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability For Cisco Enterprise NFV Infrastructure Software | NCM |
| Improper Input Validation Vulnerability (CVE-2019-1894) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1700665 | Security Update for Cisco Enterprise NFV Infrastructure Software NFVIS-3.12.3 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234