Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
Description
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated, remote attacker can overwrite restricted files via the REST API in Cisco NFVIS, degrading system functionality.
Vulnerability
The vulnerability resides in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS). Due to insufficient authorization enforcement, an authenticated, remote attacker can upload files via the REST API to overwrite files that should be restricted on the affected device. The affected versions are those prior to the fixed release indicated in Cisco's advisory [1].
Exploitation
An attacker must have valid credentials for the NFVIS REST API. The attacker can then craft a malicious file upload request to the REST API, targeting file paths that are normally restricted. No additional privileges beyond standard API access are needed [1].
Impact
A successful exploit allows the attacker to overwrite and upload arbitrary files on the system, which can degrade the functionality of the NFVIS device. This could lead to disruption of services, configuration corruption, or other integrity impacts [1].
Mitigation
Cisco has released fixed software updates to address this vulnerability. Customers should upgrade to the patched version as specified in Cisco's security advisory [1]. No workarounds are mentioned in the available references. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cisco/Cisco Enterprise NFV Infrastructure Software (v5), Range: n/a
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-file-overwrite-UONzPMkr (mitre; vendor-advisory, x_refsource_CISCO)