ID

VAR-201908-1963


CVE

CVE-2019-1952


TITLE

Cisco Enterprise NFV Infrastructure Software Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007633

DESCRIPTION

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device. Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Enterprise NFV Infrastructure Software (NFVIS) is an NFV infrastructure software platform from Cisco. The platform provides full lifecycle management of virtualized services through a central coordinator and controller. A path traversal vulnerability exists in the CLI in versions prior to Cisco Enterprise NFVIS 3.10.1.

Trust: 1.71

sources: NVD: CVE-2019-1952 // JVNDB: JVNDB-2019-007633 // VULHUB: VHN-151974

AFFECTED PRODUCTS

vendor: cisco, model: enterprise network function virtualization infrastructure, scope: lt, version: 3.10.1

Trust: 1.0

vendor: cisco, model: enterprise nfv infrastructure software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007633 // NVD: CVE-2019-1952

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1952
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1952
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1952
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-553
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151974
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1952
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151974
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1952
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1952
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151974 // JVNDB: JVNDB-2019-007633 // CNNVD: CNNVD-201908-553 // NVD: CVE-2019-1952 // NVD: CVE-2019-1952

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-151974 // JVNDB: JVNDB-2019-007633 // NVD: CVE-2019-1952

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-553

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-553

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007633

PATCH

title: cisco-sa-20190807-nfv-cli-path, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-cli-path

Trust: 0.8

title: Cisco Enterprise NFV Infrastructure Software Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96250

Trust: 0.6

sources: JVNDB: JVNDB-2019-007633 // CNNVD: CNNVD-201908-553

EXTERNAL IDS

db: NVD, id: CVE-2019-1952

Trust: 2.5

db: JVNDB, id: JVNDB-2019-007633

Trust: 0.8

db: CNNVD, id: CNNVD-201908-553

Trust: 0.7

db: AUSCERT, id: ESB-2020.0766

Trust: 0.6

db: AUSCERT, id: ESB-2019.2983

Trust: 0.6

db: AUSCERT, id: ESB-2020.0200

Trust: 0.6

db: VULHUB, id: VHN-151974

Trust: 0.1

sources: VULHUB: VHN-151974 // JVNDB: JVNDB-2019-007633 // CNNVD: CNNVD-201908-553 // NVD: CVE-2019-1952

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-cli-path

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1952

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1952

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-commandinj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-read

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-privescal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfvis-vnc-authbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-pwrecov

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-fileread

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-nfv-xss

Trust: 0.6

url:https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0200/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0766/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2983/

Trust: 0.6

sources: VULHUB: VHN-151974 // JVNDB: JVNDB-2019-007633 // CNNVD: CNNVD-201908-553 // NVD: CVE-2019-1952

SOURCES

db: VULHUB, id: VHN-151974
db: JVNDB, id: JVNDB-2019-007633
db: CNNVD, id: CNNVD-201908-553
db: NVD, id: CVE-2019-1952

LAST UPDATE DATE

2024-08-14T12:34:10.695000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151974, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-007633, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-553, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2019-1952, date: 2021-10-29T18:19:32.073

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151974, date: 2019-08-08T00:00:00
db: JVNDB, id: JVNDB-2019-007633, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-553, date: 2019-08-07T00:00:00
db: NVD, id: CVE-2019-1952, date: 2019-08-08T08:15:12.333