Cisco Bug: CSCvi09723 - Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability
Sep 14, 2019
- Cisco Enterprise NFV Infrastructure Software
Known Affected Releases
NFVIS-3.6.1 NFVIS-3.6.2 NFVIS-3.7.1
Symptom: A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) System Software could allow an authenticated, high privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious command parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux Operating System of the affected device. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection Conditions: Please refer to the Security Advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases