Sign-up

ID

VAR-201908-0837


CVE

CVE-2019-1959


TITLE

Cisco Enterprise NFV Infrastructure Software Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007626

DESCRIPTION

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Enterprise NFV Infrastructure Software (NFVIS) Contains an input validation vulnerability.Information may be obtained. The platform can realize the full lifecycle management of virtualized services through the central coordinator and controller. The vulnerability is caused by the program not performing proper input validation on parameters

Trust: 1.71

sources: NVD: CVE-2019-1959 // JVNDB: JVNDB-2019-007626 // VULHUB: VHN-152051

AFFECTED PRODUCTS

vendor:ciscomodel:enterprise network function virtualization infrastructurescope:ltversion:3.11.1

Trust: 1.0

vendor:ciscomodel:enterprise nfv infrastructure softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007626 // NVD: CVE-2019-1959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1959
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1959
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1959
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-555
value: MEDIUM

Trust: 0.6

VULHUB: VHN-152051
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1959
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-152051
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1959
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1959
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-152051 // JVNDB: JVNDB-2019-007626 // CNNVD: CNNVD-201908-555 // NVD: CVE-2019-1959 // NVD: CVE-2019-1959

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-152051 // JVNDB: JVNDB-2019-007626 // NVD: CVE-2019-1959

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-555

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201908-555

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007626

PATCH
title:cisco-sa-20190807-nfv-readurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-read
Trust: 0.8
title:Cisco Enterprise NFV Infrastructure Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96252
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007626 // 
            
            
            
            CNNVD: CNNVD-201908-555

EXTERNAL IDS
db:NVDid:CVE-2019-1959
Trust: 2.5
db:JVNDBid:JVNDB-2019-007626
Trust: 0.8
db:CNNVDid:CNNVD-201908-555
Trust: 0.7
db:AUSCERTid:ESB-2019.2983
Trust: 0.6
db:VULHUBid:VHN-152051
Trust: 0.1
sources:
            
            
            VULHUB: VHN-152051 // 
            
            
            
            JVNDB: JVNDB-2019-007626 // 
            
            
            
            CNNVD: CNNVD-201908-555 // 
            
            
            
            NVD: CVE-2019-1959

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-read
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1959
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1959
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-commandinj
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-authbypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-privescal
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-vnc-authbypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-cli-path
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-pwrecov
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-fileread
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-xss
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2983/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-152051 // 
            
            
            
            JVNDB: JVNDB-2019-007626 // 
            
            
            
            CNNVD: CNNVD-201908-555 // 
            
            
            
            NVD: CVE-2019-1959

SOURCES
db:VULHUBid:VHN-152051
db:JVNDBid:JVNDB-2019-007626
db:CNNVDid:CNNVD-201908-555
db:NVDid:CVE-2019-1959

LAST UPDATE DATE
2024-08-14T12:17:22.784000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-152051date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-007626date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-555date:2020-10-21T00:00:00
db:NVDid:CVE-2019-1959date:2020-10-16T14:43:26.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-152051date:2019-08-08T00:00:00
db:JVNDBid:JVNDB-2019-007626date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-555date:2019-08-07T00:00:00
db:NVDid:CVE-2019-1959date:2019-08-08T08:15:12.787