Guest

Preview Tool

Cisco Bug: CSCvi09672 - Cisco NFVIS Denial of Service Vulnerability

Last Modified

Sep 05, 2018

Products (1)

  • Cisco Enterprise NFV Infrastructure Software

Known Affected Releases

nfvis-6.0 nfvis-8.0

Description (partial)

Symptom:
A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service attack against the affected system.

The vulnerability is due to insufficient validation of user provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that would interfere with the underlying operating system. An exploit would allow the attacker to leave the affected device running in a permanent state of degraded functionality.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1

Conditions:
Please refer to the Security Advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.