Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2019-1656

Published: 24/01/2019 Updated: 09/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.4 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Enterprise Nfv Infrastructure Software

Vulnerability Summary

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local malicious user to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the malicious user to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco enterprise nfv infrastructure software 3.9.1

Vendor Advisories

Cisco: Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device The vulnerability is due to improper input validation in the affected software An attacker could exploit this vulnerability by sending c ...

References

CWE-20https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-accesshttp://www.securityfocus.com/bid/106715https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook