CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1946

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.2%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 6.4

References

Products affected by CVE-2019-1946

Cisco » Enterprise Network Function Virtualization Infrastructure » Version: N/A

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:-
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.5.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.5.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.2
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.6.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.6.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.2
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.6.3

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.3
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.7.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.7.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.2
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.8.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.8.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.9.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.9.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1946

Products

Pricing

Contact Us