CVE-2019-1971

CVE Database · CVE-2019-1971

CVE-2019-1971

· CRITICALModified

CVSS v3.1

9.8

EPSS

3.58%

Published

Aug 8, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-20

Affected Products (1)

cisco · enterprise_network_function_virtualization_infrastructurevulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-commandinj

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-commandinj

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs