ID

VAR-201908-1960


CVE

CVE-2019-1961


TITLE

Cisco Enterprise NFV Infrastructure Software vulnerable to information disclosure from log files

Trust: 0.8

sources: JVNDB: JVNDB-2019-007624

DESCRIPTION

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS. The platform can realize the full lifecycle management of virtualized services through the central coordinator and controller.

Trust: 1.71

sources: NVD: CVE-2019-1961 // JVNDB: JVNDB-2019-007624 // VULHUB: VHN-152073

AFFECTED PRODUCTS

vendor: cisco // model: enterprise network function virtualization infrastructure // scope: lt // version: 3.10.1

Trust: 1.0

vendor: cisco // model: enterprise nfv infrastructure software // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007624 // NVD: CVE-2019-1961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1961
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1961
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1961
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-557
value: MEDIUM

Trust: 0.6

VULHUB: VHN-152073
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1961
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-152073
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1961
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1961
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-152073 // JVNDB: JVNDB-2019-007624 // CNNVD: CNNVD-201908-557 // NVD: CVE-2019-1961 // NVD: CVE-2019-1961

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-152073 // JVNDB: JVNDB-2019-007624 // NVD: CVE-2019-1961

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-557

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-557

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007624

PATCH

title: cisco-sa-20190807-nfv-fileread // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-fileread

Trust: 0.8

title: Cisco Enterprise NFV Infrastructure Software Repair measures for log information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96254

Trust: 0.6

sources: JVNDB: JVNDB-2019-007624 // CNNVD: CNNVD-201908-557

EXTERNAL IDS

db: NVD // id: CVE-2019-1961

Trust: 2.5

db: JVNDB // id: JVNDB-2019-007624

Trust: 0.8

db: CNNVD // id: CNNVD-201908-557

Trust: 0.7

db: AUSCERT // id: ESB-2019.2983

Trust: 0.6

db: VULHUB // id: VHN-152073

Trust: 0.1

sources: VULHUB: VHN-152073 // JVNDB: JVNDB-2019-007624 // CNNVD: CNNVD-201908-557 // NVD: CVE-2019-1961

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-fileread

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1961

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1961

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-commandinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-read

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-privescal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-vnc-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-cli-path

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-pwrecov

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-xss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2983/

Trust: 0.6

sources: VULHUB: VHN-152073 // JVNDB: JVNDB-2019-007624 // CNNVD: CNNVD-201908-557 // NVD: CVE-2019-1961

SOURCES

db: VULHUB // id: VHN-152073
db: JVNDB // id: JVNDB-2019-007624
db: CNNVD // id: CNNVD-201908-557
db: NVD // id: CVE-2019-1961

LAST UPDATE DATE

2024-08-14T12:16:10.155000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-152073 // date: 2019-10-09T00:00:00
db: JVNDB // id: JVNDB-2019-007624 // date: 2019-08-16T00:00:00
db: CNNVD // id: CNNVD-201908-557 // date: 2021-11-02T00:00:00
db: NVD // id: CVE-2019-1961 // date: 2021-10-29T18:34:34.443

SOURCES RELEASE DATE

db: VULHUB // id: VHN-152073 // date: 2019-08-08T00:00:00
db: JVNDB // id: JVNDB-2019-007624 // date: 2019-08-16T00:00:00
db: CNNVD // id: CNNVD-201908-557 // date: 2019-08-07T00:00:00
db: NVD // id: CVE-2019-1961 // date: 2019-08-08T08:15:12.897