Vulnerability CVE-2018-0462


Published: 2018-10-05

Description:
A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Cisco -> Enterprise network virtualization software 

 References:
http://www.securityfocus.com/bid/105291
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1

Copyright 2024, cxsecurity.com

 

Back to Top