Vulnerability Details CVE-2019-1952
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.8%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 4.6
References
Products affected by CVE-2019-1952
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:-
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.3
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.2
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.8.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.1
-
cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.2