Unrated severityNVD Advisory· Published Aug 8, 2019· Updated Nov 20, 2024

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

CVE-2019-1952

Description

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco NFV Infrastructure Software (NFVIS) before 3.10.1 allows authenticated admin users to read or write arbitrary files via path traversal in CLI commands.

Vulnerability

Cisco Enterprise NFV Infrastructure Software (NFVIS) releases earlier than 3.10.1 are affected by a path traversal vulnerability in the CLI. The issue is due to improper input validation of CLI command arguments, enabling directory traversal sequences that bypass file access restrictions [1].

Exploitation

An attacker with valid administrator privileges can exploit this vulnerability by executing a vulnerable CLI command with crafted directory traversal sequences, such as ../ patterns, to overwrite or read arbitrary files on the device [1].

Impact

Successful exploitation allows the attacker to overwrite or read arbitrary files, potentially leading to full system compromise, privilege escalation, or exposure of sensitive configuration data [1].

Mitigation

Cisco has released NFVIS release 3.10.1 to address this vulnerability. No workarounds exist; users must upgrade to the fixed version or later [1].

References

Cisco Security Advisory: Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Enterprise NFV Infrastructure Software (NFVIS)llm-fuzzy
Cisco/Cisco Enterprise NFV Infrastructure Softwarev5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-cli-pathmitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000