CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1961

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.6%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 6.8

References

Products affected by CVE-2019-1961

Cisco » Enterprise Network Function Virtualization Infrastructure » Version: N/A

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:-
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.5.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.5.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.5.2
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.6.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.6.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.2
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.6.3

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.6.3
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.7.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.7.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.7.2
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.8.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.8.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.9.1

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.1
Cisco » Enterprise Network Function Virtualization Infrastructure » Version: 3.9.2

cpe:2.3:a:cisco:enterprise_network_function_virtualization_infrastructure:3.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1961

Products

Pricing

Contact Us