CVE-2019-1961 vulnerability in Cisco Products
Published on August 8, 2019
Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2019-1961
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-1961 are published in these products:
Affected Versions
Cisco Enterprise NFV Infrastructure Software:- Version unspecified and below n/a is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.