Vulnerabilities > Cisco > Enterprise Network Function Virtualization Infrastructure > 3.12.1

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-04	CVE-2020-3478	Improper Input Validation vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. network low complexity cisco CWE-20	8.1
2020-09-04	CVE-2020-3365	Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. network low complexity cisco CWE-22	6.5
2020-06-18	CVE-2020-3236	Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. local low complexity cisco CWE-22	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.