Auto-merge PR#2413

2025-05-08 19:46:39 +00:00 · 2019-08-08 03:40:50 -04:00 · 2019-08-08 03:40:50 -04:00 · beaf2a198b
commit beaf2a198b
parent 365e22fe5b c72431ac88
1 changed files with 73 additions and 4 deletions
--- a/2019/1xxx/CVE-2019-1972.json
+++ b/2019/1xxx/CVE-2019-1972.json
@ -1,8 +1,34 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2019-08-07T16:00:00-0700",
        "ID": "CVE-2019-1972",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
        "TITLE": "Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco Enterprise NFV Infrastructure Software ",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +37,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root.  The vulnerability is due to insufficient restrictions during the execution of an affected CLI command.  An attacker could exploit this vulnerability by leveraging the insufficient restrictions during the execution of an affected command. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. "
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-264"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20190807 Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-privescal"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-20190807-nfv-privescal",
        "defect": [
            [
                "CSCvn12412"
            ]
        ],
        "discovery": "INTERNAL"
    }
 }