ID

VAR-201908-1959


CVE

CVE-2019-1971


TITLE

OS command injection vulnerability in Cisco Enterprise NFV Infrastructure Software

Trust: 0.8

sources: JVNDB: JVNDB-2019-007622

DESCRIPTION

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Cisco Enterprise NFV Infrastructure Software (NFVIS) is an NFV infrastructure software platform from Cisco. The platform enables full lifecycle management of virtualized services through the central coordinator and controller.

Trust: 1.71

sources: NVD: CVE-2019-1971 // JVNDB: JVNDB-2019-007622 // VULHUB: VHN-152183

AFFECTED PRODUCTS

vendor: cisco, model: enterprise network function virtualization infrastructure, scope: lte, version: 3.8.1

Trust: 1.0

vendor: cisco, model: enterprise network function virtualization infrastructure, scope: gte, version: 3.6.2

Trust: 1.0

vendor: cisco, model: enterprise nfv infrastructure software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007622 // NVD: CVE-2019-1971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1971
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1971
value: HIGH

Trust: 1.0

NVD: CVE-2019-1971
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-558
value: CRITICAL

Trust: 0.6

VULHUB: VHN-152183
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1971
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-152183
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1971
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1971
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-1971
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-152183 // JVNDB: JVNDB-2019-007622 // CNNVD: CNNVD-201908-558 // NVD: CVE-2019-1971 // NVD: CVE-2019-1971

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-152183 // JVNDB: JVNDB-2019-007622 // NVD: CVE-2019-1971

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-558

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-558

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007622

PATCH

title: cisco-sa-20190807-nfv-commandinj, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-commandinj

Trust: 0.8

title: Cisco Enterprise NFV Infrastructure Software Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96255

Trust: 0.6

sources: JVNDB: JVNDB-2019-007622 // CNNVD: CNNVD-201908-558

EXTERNAL IDS

db: NVD, id: CVE-2019-1971

Trust: 2.5

db: JVNDB, id: JVNDB-2019-007622

Trust: 0.8

db: CNNVD, id: CNNVD-201908-558

Trust: 0.7

db: AUSCERT, id: ESB-2019.2983

Trust: 0.6

db: VULHUB, id: VHN-152183

Trust: 0.1

sources: VULHUB: VHN-152183 // JVNDB: JVNDB-2019-007622 // CNNVD: CNNVD-201908-558 // NVD: CVE-2019-1971

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-commandinj

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1971

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1971

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-read

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-privescal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-vnc-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-cli-path

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-pwrecov

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-fileread

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-xss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2983/

Trust: 0.6

sources: VULHUB: VHN-152183 // JVNDB: JVNDB-2019-007622 // CNNVD: CNNVD-201908-558 // NVD: CVE-2019-1971

SOURCES

db: VULHUB, id: VHN-152183
db: JVNDB, id: JVNDB-2019-007622
db: CNNVD, id: CNNVD-201908-558
db: NVD, id: CVE-2019-1971

LAST UPDATE DATE

2024-08-14T12:49:38.114000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-152183, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-007622, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-558, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2019-1971, date: 2021-10-29T18:37:06.763

SOURCES RELEASE DATE

db: VULHUB, id: VHN-152183, date: 2019-08-08T00:00:00
db: JVNDB, id: JVNDB-2019-007622, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-558, date: 2019-08-07T00:00:00
db: NVD, id: CVE-2019-1971, date: 2019-08-08T08:15:13.023