Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
CVE-2019-1656

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Enterprise Nfv Infrastructure Software
Vendor: CVE Published:; 24 January 2019

Badges

👾 Exploit Exists

What is CVE-2019-1656?

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.

Affected Version(s)

Cisco Enterprise NFV Infrastructure Software

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/106715

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jan 24, 2019
Vulnerability Reserved
Dec 6, 2018