Vulnerabilities > Cisco > Enterprise NFV Infrastructure Software > 3.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2022-20929 | Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. | 7.8 |
| 2022-05-04 | CVE-2022-20777 | Unspecified vulnerability in Cisco Enterprise NFV Infrastructure Software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. | 9.9 |
| 2022-05-04 | CVE-2022-20779 | Improper Input Validation vulnerability in Cisco Enterprise NFV Infrastructure Software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. | 8.8 |
| 2022-05-04 | CVE-2022-20780 | XXE vulnerability in Cisco Enterprise NFV Infrastructure Software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. | 7.4 |
| 2021-09-02 | CVE-2021-34746 | Improper Authentication vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. | 9.8 |
| 2021-05-06 | CVE-2021-1421 | OS Command Injection vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. | 7.8 |
| 2021-01-13 | CVE-2021-1127 | Cross-site Scripting vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 5.4 |
| 2020-11-18 | CVE-2020-3470 | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. | 9.8 |
| 2019-07-06 | CVE-2019-1894 | Improper Input Validation vulnerability in Cisco Enterprise NFV Infrastructure Software 3.9.1 A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. | 9.0 |
| 2019-07-06 | CVE-2019-1893 | OS Command Injection vulnerability in Cisco Enterprise NFV Infrastructure Software 3.9.1 A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. | 7.2 |