CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h
• CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

• https://github.com/orangecertcc/security-research/security/advisories/GHSA-hrpq-384f-vrpg
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
• CWE-284: Improper Access Control
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

• https://github.com/orangecertcc/security-research/security/advisories/GHSA-77vw-2pmg-q492
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
• CWE-20: Improper Input Validation
• CWE-284: Improper Access Control

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

• https://github.com/orangecertcc/security-research/security/advisories/GHSA-v56f-9gq3-rx3g
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
• CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

• https://github.com/orangecertcc/security-research/security/advisories/GHSA-gqx8-c4xr-c664
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
• CWE-287: Improper Authentication
• CWE-289: Authentication Bypass by Alternate Name