Sign-up

ID

VAR-201908-0669


CVE

CVE-2019-1984


TITLE

Cisco Enterprise Network Functions Virtualization Infrastructure Software Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008604

DESCRIPTION

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying OS. The software is primarily used to design, deploy and manage network services and dynamically deploy virtualized network functions on supported Cisco devices

Trust: 1.71

sources: NVD: CVE-2019-1984 // JVNDB: JVNDB-2019-008604 // VULHUB: VHN-152326

AFFECTED PRODUCTS

vendor:ciscomodel:enterprise network function virtualization infrastructure sofwarescope:ltversion:3.12.1

Trust: 1.0

vendor:ciscomodel:enterprise network functions virtualization infrastructure softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008604 // NVD: CVE-2019-1984

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1984
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1984
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1984
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-1654
value: MEDIUM

Trust: 0.6

VULHUB: VHN-152326
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1984
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-152326
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1984
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-152326 // JVNDB: JVNDB-2019-008604 // CNNVD: CNNVD-201908-1654 // NVD: CVE-2019-1984 // NVD: CVE-2019-1984

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-152326 // JVNDB: JVNDB-2019-008604 // NVD: CVE-2019-1984

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1654

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1654

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008604

PATCH
title:cisco-sa-20190821-nfv-filewriteurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-filewrite
Trust: 0.8
title:Cisco Enterprise Network Functions Virtualization Infrastructure Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97720
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008604 // 
            
            
            
            CNNVD: CNNVD-201908-1654

EXTERNAL IDS
db:NVDid:CVE-2019-1984
Trust: 2.5
db:JVNDBid:JVNDB-2019-008604
Trust: 0.8
db:CNNVDid:CNNVD-201908-1654
Trust: 0.7
db:AUSCERTid:ESB-2019.3211.2
Trust: 0.6
db:AUSCERTid:ESB-2019.3211
Trust: 0.6
db:VULHUBid:VHN-152326
Trust: 0.1
sources:
            
            
            VULHUB: VHN-152326 // 
            
            
            
            JVNDB: JVNDB-2019-008604 // 
            
            
            
            CNNVD: CNNVD-201908-1654 // 
            
            
            
            NVD: CVE-2019-1984

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-nfv-filewrite
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1984
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1984
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190821-nfv-enumeration
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3211.2/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3211/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-152326 // 
            
            
            
            JVNDB: JVNDB-2019-008604 // 
            
            
            
            CNNVD: CNNVD-201908-1654 // 
            
            
            
            NVD: CVE-2019-1984

SOURCES
db:VULHUBid:VHN-152326
db:JVNDBid:JVNDB-2019-008604
db:CNNVDid:CNNVD-201908-1654
db:NVDid:CVE-2019-1984

LAST UPDATE DATE
2024-08-14T15:02:14.137000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-152326date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-008604date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1654date:2019-09-12T00:00:00
db:NVDid:CVE-2019-1984date:2019-10-09T23:48:44.897

SOURCES RELEASE DATE
db:VULHUBid:VHN-152326date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008604date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1654date:2019-08-21T00:00:00
db:NVDid:CVE-2019-1984date:2019-08-21T19:15:15.670