Cisco Enterprise Nfv Infrastructure Software
Recent Cisco Enterprise Nfv Infrastructure Software Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2022-10-05 | Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability | October 5, 2022 |
| 2022-05-04 | Cisco Enterprise NFV Infrastructure Software Vulnerabilities | May 4, 2022 |
| 2021-09-01 | Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability | September 1, 2021 |
| 2021-05-05 | Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability | May 5, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities in Cisco Enterprise Nfv Infrastructure Software . Last year Enterprise Nfv Infrastructure Software had 1 security vulnerability published. Right now, Enterprise Nfv Infrastructure Software is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.80 |
| 2022 | 3 | 8.70 |
| 2021 | 3 | 7.67 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 6.77 |
| 2018 | 1 | 8.80 |
It may take a day or so for new Enterprise Nfv Infrastructure Software vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Enterprise Nfv Infrastructure Software Security Vulnerabilities
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2022-20929
7.8 - High
- March 10, 2023
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.
Improper Verification of Cryptographic Signature
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands
CVE-2022-20780
7.4 - High
- May 04, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
XXE
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands
CVE-2022-20779
8.8 - High
- May 04, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
Improper Input Validation
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands
CVE-2022-20777
9.9 - Critical
- May 04, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2021-34746
9.8 - Critical
- September 02, 2021
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.
authentification
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2021-1421
7.8 - High
- May 06, 2021
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input during the execution of this command. A successful exploit could allow a non-privileged attacker authenticated in the restricted CLI to execute arbitrary commands on the underlying operating system (OS) with root privileges.
Shell injection
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2021-1127
5.4 - Medium
- January 13, 2021
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.
XSS
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2019-1893
7.8 - High
- July 06, 2019
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root.
Command Injection
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2019-1894
7.2 - High
- July 06, 2019
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite or read arbitrary files on the underlying OS.
Improper Input Validation
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2019-1656
5.3 - Medium
- January 24, 2019
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.
Improper Input Validation
A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could
CVE-2018-0279
8.8 - High
- May 17, 2018
A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access with a non-root user account to the underlying Linux operating system on the affected device. Due to the system design, access to the Linux shell could allow execution of additional attacks that may have a significant impact on the affected system. This vulnerability affects Cisco devices that are running release 3.7.1, 3.6.3, or earlier releases of Cisco Enterprise NFV Infrastructure Software (NFVIS) when access to the SCP server is allowed on the affected device. Cisco NFVIS Releases 3.5.x and 3.6.x do allow access to the SCP server by default, while Cisco NFVIS Release 3.7.1 does not. Cisco Bug IDs: CSCvh25026.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cisco Enterprise Nfv Infrastructure Software or by Cisco? Click the Watch button to subscribe.
