Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability
Description
A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco NFVIS restricted CLI vulnerability allows authenticated admin to execute arbitrary commands as root, affecting versions 3.6.3 through 3.10.3.
Vulnerability
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a privilege escalation vulnerability (CVE-2019-1972) in its restricted CLI. The bug is due to insufficient restrictions during the execution of an affected CLI command, allowing an authenticated local attacker with valid administrator-level credentials to bypass intended security boundaries. This issue affects NFVIS releases 3.6.3 through 3.10.3 [1].
Exploitation
An attacker must have valid administrator-level credentials and local access to the NFVIS system. The exploitation involves leveraging the insufficient restrictions during the execution of the vulnerable CLI command to escalate privileges [1]. No user interaction is required beyond the authenticated session.
Impact
Successful exploitation allows the attacker to elevate privileges to root on the underlying operating system and execute arbitrary commands. This results in full compromise of the NFVIS host, including the ability to read, modify, or delete sensitive data, and disrupt network functions [1].
Mitigation
Cisco has released software updates to address this vulnerability; there are no workarounds. Customers should upgrade to a fixed NFVIS release as specified in the Cisco Security Advisory [1]. The vulnerability is not known to be listed in the CISA Known Exploited Vulnerabilities (KEV) catalog at this time.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cisco/Cisco Enterprise NFV Infrastructure Software, v5, Range: unspecified
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-privescal (mitre, vendor-advisory, x_refsource_CISCO)