Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
Description
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input during the execution of this command. A successful exploit could allow a non-privileged attacker authenticated in the restricted CLI to execute arbitrary commands on the underlying operating system (OS) with root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection vulnerability in Cisco NFVIS allows an authenticated local attacker to execute arbitrary commands with root privileges.
Vulnerability
The vulnerability is a command injection in Cisco Enterprise NFV Infrastructure Software (NFVIS). It arises from insufficient validation of user-supplied input to a configuration command. Affected versions include Cisco NFVIS releases prior to the fixed versions indicated in the Cisco advisory [1].
Exploitation
An attacker must have authenticated access to the restricted CLI of an affected NFVIS device. By providing malicious input during the execution of a specific configuration command, the attacker can inject arbitrary commands that are executed with elevated privileges.
Impact
Successful exploitation allows a non-privileged attacker to execute arbitrary commands on the underlying operating system with root privileges. This can lead to full compromise of the device, including unauthorized access, data exfiltration, and potential further network attacks.
Mitigation
Cisco has released free software updates to address this vulnerability. Users should upgrade to the fixed version indicated in the Cisco Security Advisory [1]. No workarounds are available. Customers should contact Cisco TAC if they require assistance.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cisco/Cisco Enterprise NFV Infrastructure Software, v5, Range: n/a
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j (mitre, vendor-advisory, x_refsource_CISCO)