Sign-up

ID

VAR-201907-0233


CVE

CVE-2019-1894


TITLE

Cisco Enterprise NFV Infrastructure Software Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006254

DESCRIPTION

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite or read arbitrary files on the underlying OS. Cisco Enterprise NFV Infrastructure Software (NFVIS) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Enterprise NFV Infrastructure Software is prone to an arbitrary file-overwrite vulnerability. This issue is being tracked by Cisco Bug ID CSCvn12407. The platform can realize the full lifecycle management of virtualized services through the central coordinator and controller

Trust: 2.07

sources: NVD: CVE-2019-1894 // JVNDB: JVNDB-2019-006254 // BID: 109037 // VULHUB: VHN-151336 // VULMON: CVE-2019-1894

AFFECTED PRODUCTS

vendor:ciscomodel:enterprise nfv infrastructure softwarescope:eqversion:3.9.1

Trust: 1.3

vendor:ciscomodel:enterprise nfv infrastructure softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:enterprise nfv infrastructure softwarescope:eqversion:3.9.2

Trust: 0.3

vendor:ciscomodel:enterprise nfv infrastructure softwarescope:eqversion:3.8.1

Trust: 0.3

vendor:ciscomodel:enterprise nfv infrastructure softwarescope:eqversion:3.7.1

Trust: 0.3

vendor:ciscomodel:enterprise nfv infrastructure softwarescope:eqversion:3.6.3

Trust: 0.3

vendor:ciscomodel:enterprise nfv infrastructure softwarescope:neversion:3.10.1

Trust: 0.3

sources: BID: 109037 // JVNDB: JVNDB-2019-006254 // NVD: CVE-2019-1894

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1894
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1894
value: HIGH

Trust: 1.0

NVD: CVE-2019-1894
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-234
value: HIGH

Trust: 0.6

VULHUB: VHN-151336
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1894
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1894
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-151336
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1894
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-151336 // VULMON: CVE-2019-1894 // JVNDB: JVNDB-2019-006254 // CNNVD: CNNVD-201907-234 // NVD: CVE-2019-1894 // NVD: CVE-2019-1894

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-151336 // JVNDB: JVNDB-2019-006254 // NVD: CVE-2019-1894

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-234

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 109037 // CNNVD: CNNVD-201907-234

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006254

PATCH
title:cisco-sa-20190703-nfvis-file-readwriteurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-file-readwrite
Trust: 0.8
title:Cisco Enterprise NFV Infrastructure Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94423
Trust: 0.6
title:Cisco: Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190703-nfvis-file-readwrite
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-1894 // 
            
            
            
            JVNDB: JVNDB-2019-006254 // 
            
            
            
            CNNVD: CNNVD-201907-234

EXTERNAL IDS
db:NVDid:CVE-2019-1894
Trust: 2.9
db:BIDid:109037
Trust: 1.1
db:JVNDBid:JVNDB-2019-006254
Trust: 0.8
db:CNNVDid:CNNVD-201907-234
Trust: 0.7
db:AUSCERTid:ESB-2019.2438
Trust: 0.6
db:VULHUBid:VHN-151336
Trust: 0.1
db:VULMONid:CVE-2019-1894
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151336 // 
            
            
            
            VULMON: CVE-2019-1894 // 
            
            
            
            BID: 109037 // 
            
            
            
            JVNDB: JVNDB-2019-006254 // 
            
            
            
            CNNVD: CNNVD-201907-234 // 
            
            
            
            NVD: CVE-2019-1894

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-nfvis-file-readwrite
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-1894
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1894
Trust: 0.8
url:https://www.securityfocus.com/bid/109037
Trust: 0.7
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-nfvis-commandinj
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2438/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151336 // 
            
            
            
            VULMON: CVE-2019-1894 // 
            
            
            
            BID: 109037 // 
            
            
            
            JVNDB: JVNDB-2019-006254 // 
            
            
            
            CNNVD: CNNVD-201907-234 // 
            
            
            
            NVD: CVE-2019-1894

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 109037 // 
            
            
            
            CNNVD: CNNVD-201907-234

SOURCES
db:VULHUBid:VHN-151336
db:VULMONid:CVE-2019-1894
db:BIDid:109037
db:JVNDBid:JVNDB-2019-006254
db:CNNVDid:CNNVD-201907-234
db:NVDid:CVE-2019-1894

LAST UPDATE DATE
2024-08-14T13:44:55.855000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151336date:2019-10-09T00:00:00
db:VULMONid:CVE-2019-1894date:2019-10-09T00:00:00
db:BIDid:109037date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2019-006254date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-234date:2019-07-16T00:00:00
db:NVDid:CVE-2019-1894date:2019-10-09T23:48:29.097

SOURCES RELEASE DATE
db:VULHUBid:VHN-151336date:2019-07-06T00:00:00
db:VULMONid:CVE-2019-1894date:2019-07-06T00:00:00
db:BIDid:109037date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2019-006254date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-234date:2019-07-03T00:00:00
db:NVDid:CVE-2019-1894date:2019-07-06T02:15:11.450