Skip to main content

Enterprise Network Function Virtualization Infrastructure

14 CVEs product

Monthly

CVE-2020-3478 HIGH This Week

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-3365 MEDIUM This Month

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-3236 MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-3138 MEDIUM This Month

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2019-1973 MEDIUM This Month

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-1972 MEDIUM This Month

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-1971 CRITICAL Act Now

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-1961 MEDIUM This Month

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2019-1960 MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-1959 MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-1953 MEDIUM This Month

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-1952 MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-1946 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-1895 CRITICAL Act Now

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
9.8
EPSS
2.3%
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Enterprise Network Function Virtualization Infrastructure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy