CVE-2019-1961

EPSS 0.31%
Veröffentlicht 08.08.2019 08:15:12
Zuletzt bearbeitet 21.11.2024 04:37:46
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Enterprise Network Function Virtualization Infrastructure Version < 3.10.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.541

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:C/I:N/A:N
psirt@cisco.com	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-fileread

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1961

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1961

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1961

EUVD