Cisco Enterprise NFV Infrastructure Software Configuration File privilege escalation

A vulnerability classified as critical has been found in Cisco Enterprise NFV Infrastructure Software (the affected version unknown). This affects an unknown code of the component Configuration File Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-269. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was released 07/06/2019 as cisco-sa-20190703-nfvis-comman as confirmed advisory (Website). The advisory is shared at tools.cisco.com. This vulnerability is uniquely identified as CVE-2019-1893 since 12/06/2018. An attack has to be approached locally. The successful exploitation needs a single authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 07/06/2019).

Upgrading eliminates this vulnerability.

Entry connected to this vulnerability is available at 137422.

Vendor

• Cisco

Name

• Enterprise NFV Infrastructure Software

• 🔒

• 🔒

VulDB Meta Base Score: 7.8
VulDB Meta Temp Score: 7.5

VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Privilege escalation (CWE-269)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

12/06/2018 CVE assigned
07/06/2019 +212 days Advisory disclosed
07/06/2019 +0 days VulDB entry created
07/06/2019 +0 days VulDB last updateVendor: cisco.com

Advisory: cisco-sa-20190703-nfvis-comman
Status: Confirmed

CVE: CVE-2019-1893 (🔒)
See also: 🔒

Created: 07/06/2019 10:11 AM
Complete: 🔍

Comments

Comments are closed.