Sign-up

ID

VAR-201908-0853


CVE

CVE-2019-1946


TITLE

Cisco Enterprise NFV Infrastructure Software Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007654

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image. Cisco Enterprise NFV Infrastructure Software (NFVIS) Contains an authentication vulnerability.Information may be obtained and information may be altered. The platform can realize the full lifecycle management of virtualized services through the central coordinator and controller

Trust: 1.71

sources: NVD: CVE-2019-1946 // JVNDB: JVNDB-2019-007654 // VULHUB: VHN-151908

AFFECTED PRODUCTS

vendor:ciscomodel:enterprise network function virtualization infrastructurescope:ltversion:3.10.1

Trust: 1.0

vendor:ciscomodel:enterprise nfv infrastructure softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007654 // NVD: CVE-2019-1946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1946
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1946
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1946
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-552
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151908
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1946
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151908
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1946
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1946
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151908 // JVNDB: JVNDB-2019-007654 // CNNVD: CNNVD-201908-552 // NVD: CVE-2019-1946 // NVD: CVE-2019-1946

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-151908 // JVNDB: JVNDB-2019-007654 // NVD: CVE-2019-1946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-552

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-552

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007654

PATCH
title:cisco-sa-20190807-nfvis-authbypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-authbypass
Trust: 0.8
title:Cisco Enterprise NFV Infrastructure Software Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96249
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007654 // 
            
            
            
            CNNVD: CNNVD-201908-552

EXTERNAL IDS
db:NVDid:CVE-2019-1946
Trust: 2.5
db:JVNDBid:JVNDB-2019-007654
Trust: 0.8
db:CNNVDid:CNNVD-201908-552
Trust: 0.7
db:AUSCERTid:ESB-2019.2983
Trust: 0.6
db:VULHUBid:VHN-151908
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151908 // 
            
            
            
            JVNDB: JVNDB-2019-007654 // 
            
            
            
            CNNVD: CNNVD-201908-552 // 
            
            
            
            NVD: CVE-2019-1946

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-authbypass
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1946
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1946
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-commandinj
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-read
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-privescal
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-vnc-authbypass
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-cli-path
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-pwrecov
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-fileread
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-xss
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2983/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-151908 // 
            
            
            
            JVNDB: JVNDB-2019-007654 // 
            
            
            
            CNNVD: CNNVD-201908-552 // 
            
            
            
            NVD: CVE-2019-1946

SOURCES
db:VULHUBid:VHN-151908
db:JVNDBid:JVNDB-2019-007654
db:CNNVDid:CNNVD-201908-552
db:NVDid:CVE-2019-1946

LAST UPDATE DATE
2024-11-23T20:38:47.655000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151908date:2023-03-08T00:00:00
db:JVNDBid:JVNDB-2019-007654date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-552date:2019-08-19T00:00:00
db:NVDid:CVE-2019-1946date:2024-11-21T04:37:44.627

SOURCES RELEASE DATE
db:VULHUBid:VHN-151908date:2019-08-08T00:00:00
db:JVNDBid:JVNDB-2019-007654date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-552date:2019-08-07T00:00:00
db:NVDid:CVE-2019-1946date:2019-08-08T08:15:12.147