Platform
cisco
Component
cisco-enterprise-nfv-infrastructure-software
CVE-2019-1656 is a vulnerability in the Command Line Interface (CLI) of Cisco Enterprise NFV Infrastructure Software (NFVIS). An authenticated, local attacker can exploit this flaw to gain shell access to the underlying Linux operating system. The vulnerability is due to improper input validation within the affected software.
Successful exploitation of CVE-2019-1656 allows an attacker to gain shell access to the underlying Linux operating system with a non-root user account. While not root access, this still provides significant control over the system, allowing the attacker to access system configuration files, install malicious software, and potentially escalate privileges. The impact is mitigated by the requirement for local access, but the potential for compromise remains a concern, especially in environments with limited physical security.
CVE-2019-1656 was published on January 24, 2019. The vulnerability requires local access, limiting the immediate risk. No public exploits are widely known. Severity is considered medium. No KEV or EPSS score is available.
Exploit Status
EPSS
0.04% (11% percentiel)
CVSS-vector
The primary mitigation is to upgrade to the patched version of Cisco Enterprise NFV Infrastructure Software. Restrict physical access to the device to prevent local exploitation. Implement strong authentication and authorization controls for CLI access. Regularly review system logs for any suspicious activity. After upgrading, verify the fix by attempting to execute a command that should trigger the vulnerability and confirming that it is rejected.
Actualizar el software Cisco Enterprise NFV Infrastructure a una versión que haya corregido la vulnerabilidad. Consultar el advisory de seguridad de Cisco para obtener más información y las versiones corregidas.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
It's a vulnerability in Cisco NFVIS allowing authenticated local attackers to gain shell access to the underlying Linux OS.
If you use Cisco Enterprise NFV Infrastructure Software and haven't patched, you're potentially vulnerable.
Upgrade to the latest firmware from Cisco. Restrict physical access to the device.
No widespread exploitation is publicly known, but the potential for compromise remains a concern.
Refer to the Cisco Security Advisory and the NVD entry for CVE-2019-1656 for detailed information.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.