Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
Description
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection vulnerability in Cisco Enterprise NFV Infrastructure Software allows an authenticated local attacker to execute arbitrary commands as root via a crafted configuration file.
Vulnerability
A command injection vulnerability exists in Cisco Enterprise NFV Infrastructure Software (NFVIS) due to insufficient input validation of a configuration file accessible to local shell users. Affected versions include all releases prior to the fixed version. The vulnerability is triggered when a local user with shell access executes a configuration file containing malicious input.
Exploitation
An attacker must have authenticated local shell access to the NFVIS system. The attacker can craft a configuration file with malicious input and execute it, leading to command injection. No additional privileges are required beyond local shell access.
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system as root, resulting in full compromise of the affected device.
Mitigation
Cisco has released free software updates to address this vulnerability. Users should upgrade to the fixed version as specified in Cisco Security Advisory cisco-sa-20190703-nfvis-commandinj [1]. No workarounds are available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cisco/Cisco Enterprise NFV Infrastructure Software v5, Range: unspecified
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-commandinj (mitre, vendor-advisory, x_refsource_CISCO)