Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability
Description
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who is logged in to the web-based management interface as a low-privileged user could exploit this vulnerability by sending a crafted HTTP request. A successful exploit could allow the attacker to use the low-privileged user account to reboot or shut down the affected system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco NFVIS web management interface allows low-privileged authenticated users to cause system reboot or shutdown via crafted HTTP request due to insufficient authorization checks.
Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows an authenticated, remote attacker to cause the affected system to reboot or shut down. The issue is due to insufficient server-side authorization checks. Affected versions include various releases of Cisco NFVIS; specific details are available in the referenced Cisco Security Advisory [1]. The vulnerability can be triggered by a low-privileged user logged into the web interface.
Exploitation
An attacker must be authenticated to the web-based management interface with a low-privileged user account. No additional privileges are required beyond those of a standard user. The attacker can exploit the vulnerability by sending a crafted HTTP request to the affected system. No user interaction from a privileged user is needed [1].
Impact
A successful exploit allows the attacker to cause the affected system to reboot or shut down, resulting in a denial of service (DoS) condition. The attacker does not gain any other access or control over the system beyond this disruption [1].
Mitigation
Cisco has released fixed software updates to address this vulnerability. Customers are advised to consult the Cisco bug ID mentioned in the advisory and upgrade to a fixed release. No workarounds are available [1]. For systems that are no longer supported, upgrading to a supported version is recommended.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cisco/Cisco Enterprise NFV Infrastructure Softwarev5Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dosmitrevendor-advisoryx_refsource_CISCO
- www.securityfocus.com/bid/105290mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.