mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
87 lines
3.2 KiB
JSON
87 lines
3.2 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "psirt@cisco.com",
|
|
"DATE_PUBLIC": "2019-08-21T16:00:00-0700",
|
|
"ID": "CVE-2019-1984",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Cisco Enterprise NFV Infrastructure Software ",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"affected": "<",
|
|
"version_value": "3.12.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Cisco"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying OS."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": {
|
|
"baseScore": "6.5",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H ",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "20190821 Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability",
|
|
"refsource": "CISCO",
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-filewrite"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "cisco-sa-20190821-nfv-filewrite",
|
|
"defect": [
|
|
[
|
|
"CSCvp17532"
|
|
]
|
|
],
|
|
"discovery": "INTERNAL"
|
|
}
|
|
} |