VYPR

Enterprise NFV Infrastructure Software (NFVIS)

by Cisco Systems, Inc.

CVEs (33)

  • CVE-2018-0460MedOct 5, 2018
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could…

  • CVE-2018-0459MedOct 5, 2018
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization…

  • CVE-2018-0323MedMay 17, 2018
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request…

  • CVE-2021-1127MedJan 13, 2021
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is…

  • CVE-2018-15402MedOct 17, 2018
    risk 0.35cvss 5.4epss 0.00

    A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management…

  • CVE-2019-1656MedJan 24, 2019
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the…

  • CVE-2019-1961MedAug 8, 2019
    risk 0.32cvss 4.9epss 0.02

    A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages…

  • CVE-2018-0462MedOct 5, 2018
    risk 0.32cvss 4.9epss 0.01

    A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation…

  • CVE-2019-1973MedAug 8, 2019
    risk 0.31cvss 4.8epss 0.01

    A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input…

  • CVE-2019-1960MedAug 8, 2019
    risk 0.29cvss 4.4epss 0.00

    Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details…

  • CVE-2019-1959MedAug 8, 2019
    risk 0.29cvss 4.4epss 0.00

    Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details…

  • CVE-2020-3365MedSep 4, 2020
    risk 0.28cvss 4.3epss 0.02

    A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic…

  • CVE-2019-12623MedAug 21, 2019
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server…

Page 2 of 2