ID

VAR-201901-0359


CVE

CVE-2019-1656


TITLE

Cisco Enterprise NFV Infrastructure Software Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-001887 // CNNVD: CNNVD-201901-873

DESCRIPTION

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH. Cisco Enterprise NFV Infrastructure Software (NFVIS) contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCvm80829. The platform provides full lifecycle management of virtualized services through the central coordinator and controller.

Trust: 1.98

sources: NVD: CVE-2019-1656 // JVNDB: JVNDB-2019-001887 // BID: 106715 // VULHUB: VHN-148718

AFFECTED PRODUCTS

vendor: cisco, model: enterprise nfv infrastructure software, scope: eq, version: 3.9.1

Trust: 1.0

vendor: cisco, model: enterprise nfv infrastructure software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: enterprise nfv infrastructure software, scope: eq, version: 0

Trust: 0.3

sources: BID: 106715 // JVNDB: JVNDB-2019-001887 // NVD: CVE-2019-1656

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1656
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1656
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1656
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-873
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148718
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1656
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148718
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1656
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-148718 // JVNDB: JVNDB-2019-001887 // CNNVD: CNNVD-201901-873 // NVD: CVE-2019-1656 // NVD: CVE-2019-1656

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-148718 // JVNDB: JVNDB-2019-001887 // NVD: CVE-2019-1656

THREAT TYPE

local

Trust: 0.9

sources: BID: 106715 // CNNVD: CNNVD-201901-873

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 106715 // CNNVD: CNNVD-201901-873

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001887

PATCH

title: cisco-sa-20190123-nfvis-shell-access, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access

Trust: 0.8

title: Cisco Enterprise NFV Infrastructure Software Enter the fix for the verification vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88959

Trust: 0.6

sources: JVNDB: JVNDB-2019-001887 // CNNVD: CNNVD-201901-873

EXTERNAL IDS

db: NVD, id: CVE-2019-1656

Trust: 2.8

db: BID, id: 106715

Trust: 2.0

db: JVNDB, id: JVNDB-2019-001887

Trust: 0.8

db: CNNVD, id: CNNVD-201901-873

Trust: 0.7

db: NSFOCUS, id: 43891

Trust: 0.6

db: VULHUB, id: VHN-148718

Trust: 0.1

sources: VULHUB: VHN-148718 // BID: 106715 // JVNDB: JVNDB-2019-001887 // CNNVD: CNNVD-201901-873 // NVD: CVE-2019-1656

REFERENCES

url:http://www.securityfocus.com/bid/106715

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-nfvis-shell-access

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1656

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-1656

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43891

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-148718 // BID: 106715 // JVNDB: JVNDB-2019-001887 // CNNVD: CNNVD-201901-873 // NVD: CVE-2019-1656

CREDITS

This vulnerability was found during internal security testing. (Cisco)

Trust: 0.6

sources: CNNVD: CNNVD-201901-873

SOURCES

db: VULHUB, id: VHN-148718
db: BID, id: 106715
db: JVNDB, id: JVNDB-2019-001887
db: CNNVD, id: CNNVD-201901-873
db: NVD, id: CVE-2019-1656

LAST UPDATE DATE

2024-08-14T15:34:06.176000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148718, date: 2019-10-09T00:00:00
db: BID, id: 106715, date: 2019-01-23T00:00:00
db: JVNDB, id: JVNDB-2019-001887, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201901-873, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-1656, date: 2019-10-09T23:47:38.360

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148718, date: 2019-01-24T00:00:00
db: BID, id: 106715, date: 2019-01-23T00:00:00
db: JVNDB, id: JVNDB-2019-001887, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201901-873, date: 2019-01-24T00:00:00
db: NVD, id: CVE-2019-1656, date: 2019-01-24T16:29:00.410