Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability
Description
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco NFVIS web-based management interface authentication bypass allows unauthenticated remote attackers to view config details and upload VM images.
Vulnerability
The vulnerability resides in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS). It stems from an incorrect implementation of authentication, allowing an unauthenticated, remote attacker to bypass authentication. Affected versions are Cisco Enterprise NFVIS releases earlier than 3.10.1 [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted authentication request to the web-based management interface of an affected system. No prior authentication or user interaction is required; the attacker only needs network access to the management interface [1].
Impact
Successful exploitation grants the attacker limited access to the web-based management interface. The attacker can view limited configuration details and potentially upload a virtual machine image, which could lead to further compromise of the NFV infrastructure [1].
Mitigation
Cisco has released software updates to address this vulnerability. The fixed version is Cisco Enterprise NFVIS Release 3.10.1. There are no workarounds that address this vulnerability. Users should upgrade to the fixed release [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cisco/Cisco Enterprise NFV Infrastructure Softwarev5Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-authbypassmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.