Lucene search

CiscoCVELIST:CVE-2019-1656

HistoryJan 24, 2019 - 4:00 p.m.

CVE-2019-1656 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

2019-01-2416:00:00

CWE-20

cisco

www.cve.org

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.

CNA Affected

[
  {
    "product": "Cisco Enterprise NFV Infrastructure Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106715

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access