CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1421 – Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1421
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input during the execution of this command. A successful exploit could allow a non-privileged attacker authenticated in the restricted CLI to execute arbitrary commands on the underlying operating system (OS) with root privileges. Una vulnerabilidad en Cisco Enterprise NFV Infrastructure Software (NFVIS), podría permitir a un atacante local autenticado llevar a cabo un ataque de inyección de comandos en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1127 – Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1127
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. Una vulnerabilidad en la interfaz de administración basada en web del software Cisco Enterprise NFV Infrastructure Software (NFVIS), podría permitir a un atacante autenticado remoto conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 29EXPL: 0CVE-2020-3470 – Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3470
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1893 – Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1893
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. Una vulnerabilidad en Enterprise NFV Infrastructure Software (NFVIS) de Cisco, podría permitir a un atacante local identificado ejecutar comandos arbitrarios en el sistema operativo (SO) subyacente de un dispositivo afectado como root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-commandinj • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1894 – Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2019-1894
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in NFVIS filesystem commands. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite or read arbitrary files on the underlying OS. Una vulnerabilidad en Enterprise NFV Infrastructure Software (NFVIS) de Cisco, podría permitir a un atacante remoto identificado con privilegios de administrador sobrescribir o leer archivos arbitrarios en el sistema operativo subyacente (OS) de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-file-readwrite • CWE-20: Improper Input Validation •