CVE-2018-0462

Published: Oct 5, 2018Modified: Nov 21, 2024

4.9

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.

Affected (2)

Products: Cisco: Enterprise Network Virtualization Software

1 product

Enterprise Network Virtualization Software

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Enterprise Network Virtualization Software	Version nfvis-6.0
Cisco Enterprise Network Virtualization Software	Version nfvis-8.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/105291

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/105291

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.