Sign-up

ID

VAR-201908-0843


CVE

CVE-2019-1960


TITLE

Cisco Enterprise NFV Infrastructure Software Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007625

DESCRIPTION

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Enterprise NFV Infrastructure Software (NFVIS) Contains an input validation vulnerability.Information may be obtained. The platform can realize the full lifecycle management of virtualized services through the central coordinator and controller. The vulnerability is caused by the program not performing proper input validation on parameters

Trust: 1.71

sources: NVD: CVE-2019-1960 // JVNDB: JVNDB-2019-007625 // VULHUB: VHN-152062

AFFECTED PRODUCTS

vendor:ciscomodel:enterprise network function virtualization infrastructurescope:ltversion:3.11.1

Trust: 1.0

vendor:ciscomodel:enterprise nfv infrastructure softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007625 // NVD: CVE-2019-1960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1960
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1960
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1960
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-556
value: MEDIUM

Trust: 0.6

VULHUB: VHN-152062
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1960
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-152062
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1960
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1960
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-152062 // JVNDB: JVNDB-2019-007625 // CNNVD: CNNVD-201908-556 // NVD: CVE-2019-1960 // NVD: CVE-2019-1960

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-152062 // JVNDB: JVNDB-2019-007625 // NVD: CVE-2019-1960

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-556

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201908-556

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007625

PATCH
title:cisco-sa-20190807-nfv-readurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-read
Trust: 0.8
title:Cisco Enterprise NFV Infrastructure Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96253
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007625 // 
            
            
            
            CNNVD: CNNVD-201908-556

EXTERNAL IDS
db:NVDid:CVE-2019-1960
Trust: 2.5
db:JVNDBid:JVNDB-2019-007625
Trust: 0.8
db:CNNVDid:CNNVD-201908-556
Trust: 0.7
db:AUSCERTid:ESB-2019.2983
Trust: 0.6
db:VULHUBid:VHN-152062
Trust: 0.1
sources:
            
            
            VULHUB: VHN-152062 // 
            
            
            
            JVNDB: JVNDB-2019-007625 // 
            
            
            
            CNNVD: CNNVD-201908-556 // 
            
            
            
            NVD: CVE-2019-1960

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-read
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1960
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1960
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-commandinj
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-authbypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-privescal
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-vnc-authbypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-cli-path
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-pwrecov
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-fileread
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-xss
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2983/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-152062 // 
            
            
            
            JVNDB: JVNDB-2019-007625 // 
            
            
            
            CNNVD: CNNVD-201908-556 // 
            
            
            
            NVD: CVE-2019-1960

SOURCES
db:VULHUBid:VHN-152062
db:JVNDBid:JVNDB-2019-007625
db:CNNVDid:CNNVD-201908-556
db:NVDid:CVE-2019-1960

LAST UPDATE DATE
2024-08-14T12:56:11.989000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-152062date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-007625date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-556date:2020-10-21T00:00:00
db:NVDid:CVE-2019-1960date:2020-10-16T14:44:30.007

SOURCES RELEASE DATE
db:VULHUBid:VHN-152062date:2019-08-08T00:00:00
db:JVNDBid:JVNDB-2019-007625date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-556date:2019-08-07T00:00:00
db:NVDid:CVE-2019-1960date:2019-08-08T08:15:12.833