CVE-2019-1952

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.

Severity	MEDIUM
CVSS	6.7
CWE	CWE-22
KEV
Published	6 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Nexus Dashboard	cisco-sa-20190807-nfv-cli-path
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-20190807-nfv-cli-path
Cisco Enterprise NFV Infrastructure Software	cisco-sa-20190807-nfv-cli-path