免费扫描
MEDIUMCVE-2019-1656CVSS 5.3

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

翻译中…

平台

cisco

组件

cisco-enterprise-nfv-infrastructure-software

AI Confidence: highNVDEPSS 0.0%已审阅: 2026年5月
在NVD查看
保存
正在翻译为您的语言…

CVE-2019-1656 is a vulnerability in the Command Line Interface (CLI) of Cisco Enterprise NFV Infrastructure Software (NFVIS). An authenticated, local attacker can exploit this flaw to gain shell access to the underlying Linux operating system. The vulnerability is due to improper input validation within the affected software.

影响与攻击场景翻译中…

Successful exploitation of CVE-2019-1656 allows an attacker to gain shell access to the underlying Linux operating system with a non-root user account. While not root access, this still provides significant control over the system, allowing the attacker to access system configuration files, install malicious software, and potentially escalate privileges. The impact is mitigated by the requirement for local access, but the potential for compromise remains a concern, especially in environments with limited physical security.

利用背景翻译中…

CVE-2019-1656 was published on January 24, 2019. The vulnerability requires local access, limiting the immediate risk. No public exploits are widely known. Severity is considered medium. No KEV or EPSS score is available.

威胁情报

漏洞利用状态

概念验证未知
CISA KEVNO
互联网暴露

EPSS

0.04% (11% 百分位)

CVSS 向量

威胁情报· CVSS 3.1CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L5.3MEDIUMAttack VectorLocal攻击者如何到达目标Attack ComplexityLow利用漏洞所需的条件Privileges RequiredLow攻击所需的认证级别User InteractionNone是否需要受害者采取行动ScopeUnchanged超出受影响组件的影响范围ConfidentialityLow敏感数据泄露风险IntegrityLow数据未授权篡改风险AvailabilityLow服务中断风险nextguardhq.com · CVSS v3.1 基础分数
这些指标意味着什么?
Attack Vector
本地 — 攻击者需要系统上的本地会话或Shell。
Attack Complexity
低 — 无需特殊条件,可以稳定地利用漏洞。
Privileges Required
低 — 任何有效用户账户均可。
User Interaction
无 — 攻击自动且无声,受害者无需任何操作。
Scope
未改变 — 影响仅限于脆弱组件本身。
Confidentiality
低 — 可访问部分数据。
Integrity
低 — 攻击者可修改部分数据,影响有限。
Availability
低 — 部分或间歇性拒绝服务。

受影响的软件

组件cisco-enterprise-nfv-infrastructure-software
供应商Cisco
影响范围修复版本
n/a – n/a

弱点分类 (CWE)

CWE-20

时间线

  1. 已保留
  2. 发布日期
  3. 修改日期
  4. EPSS 更新日期
未修复 — 披露已2677天

缓解措施和替代方案翻译中…

The primary mitigation is to upgrade to the patched version of Cisco Enterprise NFV Infrastructure Software. Restrict physical access to the device to prevent local exploitation. Implement strong authentication and authorization controls for CLI access. Regularly review system logs for any suspicious activity. After upgrading, verify the fix by attempting to execute a command that should trigger the vulnerability and confirming that it is rejected.

修复方法翻译中…

Actualizar el software Cisco Enterprise NFV Infrastructure a una versión que haya corregido la vulnerabilidad. Consultar el advisory de seguridad de Cisco para obtener más información y las versiones corregidas.

CVE 安全通讯

漏洞分析和关键警报直接发送到您的邮箱。

常见问题翻译中…

What is CVE-2019-1656 in Cisco Enterprise NFV Infrastructure Software?

It's a vulnerability in Cisco NFVIS allowing authenticated local attackers to gain shell access to the underlying Linux OS.

Am I affected by CVE-2019-1656 in Cisco Enterprise NFV Infrastructure Software?

If you use Cisco Enterprise NFV Infrastructure Software and haven't patched, you're potentially vulnerable.

How do I fix CVE-2019-1656 in Cisco Enterprise NFV Infrastructure Software?

Upgrade to the latest firmware from Cisco. Restrict physical access to the device.

Is CVE-2019-1656 being actively exploited?

No widespread exploitation is publicly known, but the potential for compromise remains a concern.

Where can I find the official Cisco Enterprise NFV Infrastructure Software advisory for CVE-2019-1656?

Refer to the Cisco Security Advisory and the NVD entry for CVE-2019-1656 for detailed information.

你的项目受影响吗?

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE