CVE-2019-1961 — Vulnetix

CVE-2019-1961 PUBLISHED CVSS 4.900000095367432 MEDIUM

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.

EPSS 0.31% · 54.9th percentile

Risk Scores

CVSS 3.0

4.900000095367432

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.31%

54.9th percentile

Affected Products

Vendor	Product	Versions
cisco	enterprise_network_function_virtualization_infrastructure	0
Cisco	Cisco Enterprise NFV Infrastructure Software	unspecified

Exploit Intelligence

20190807 Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability (circl)

Timeline

Aug 8, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

20190807 Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-1961 advisory

Open in Interactive Console →