ID

VAR-201908-1962


CVE

CVE-2019-1953


TITLE

Cisco Enterprise NFV Infrastructure Software vulnerable to information disclosure from log files

Trust: 0.8

sources: JVNDB: JVNDB-2019-007632

DESCRIPTION

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability. The NFVIS platform provides full lifecycle management of virtualized services through a central coordinator and controller.

Trust: 1.71

sources: NVD: CVE-2019-1953 // JVNDB: JVNDB-2019-007632 // VULHUB: VHN-151985

AFFECTED PRODUCTS

vendor: cisco, model: enterprise network function virtualization infrastructure, scope: lt, version: 3.9.1

Trust: 1.0

vendor: cisco, model: enterprise nfv infrastructure software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007632 // NVD: CVE-2019-1953

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1953
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1953
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1953
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-554
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151985
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1953
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151985
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

ykramarz@cisco.com: CVE-2019-1953
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1953
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151985 // JVNDB: JVNDB-2019-007632 // CNNVD: CNNVD-201908-554 // NVD: CVE-2019-1953 // NVD: CVE-2019-1953

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

sources: VULHUB: VHN-151985 // JVNDB: JVNDB-2019-007632 // NVD: CVE-2019-1953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-554

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201908-554

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007632

PATCH

title: cisco-sa-20190807-nfv-pwrecov, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-pwrecov

Trust: 0.8

title: Cisco Enterprise NFV Infrastructure Software Repair measures for log information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96251

Trust: 0.6

sources: JVNDB: JVNDB-2019-007632 // CNNVD: CNNVD-201908-554

EXTERNAL IDS

db: NVD, id: CVE-2019-1953

Trust: 2.5

db: JVNDB, id: JVNDB-2019-007632

Trust: 0.8

db: CNNVD, id: CNNVD-201908-554

Trust: 0.7

db: AUSCERT, id: ESB-2020.0766

Trust: 0.6

db: AUSCERT, id: ESB-2019.2983

Trust: 0.6

db: AUSCERT, id: ESB-2020.0200

Trust: 0.6

db: VULHUB, id: VHN-151985

Trust: 0.1

sources: VULHUB: VHN-151985 // JVNDB: JVNDB-2019-007632 // CNNVD: CNNVD-201908-554 // NVD: CVE-2019-1953

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-pwrecov

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1953

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1953

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-commandinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-read

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-privescal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-vnc-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-cli-path

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-fileread

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-xss

Trust: 0.6

url:https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0200/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0766/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2983/

Trust: 0.6

sources: VULHUB: VHN-151985 // JVNDB: JVNDB-2019-007632 // CNNVD: CNNVD-201908-554 // NVD: CVE-2019-1953

SOURCES

db: VULHUB, id: VHN-151985
db: JVNDB, id: JVNDB-2019-007632
db: CNNVD, id: CNNVD-201908-554
db: NVD, id: CVE-2019-1953

LAST UPDATE DATE

2024-11-23T21:20:16.273000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151985, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-007632, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-554, date: 2020-03-04T00:00:00
db: NVD, id: CVE-2019-1953, date: 2024-11-21T04:37:45.523

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151985, date: 2019-08-08T00:00:00
db: JVNDB, id: JVNDB-2019-007632, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-554, date: 2019-08-07T00:00:00
db: NVD, id: CVE-2019-1953, date: 2019-08-08T08:15:12.413