CVE-2018-0462

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input. An attacker could exploit this vulnerability by logging in with a highly privileged user account and performing a sequence of specific user management operations that interfere with the underlying operating system. A successful exploit could allow the attacker to permanently degrade the functionality of the affected system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:enterprise_network_virtualization_software:nfvis-6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:enterprise_network_virtualization_software:nfvis-8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:38

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/105291 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/105291 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1 - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1 - Vendor Advisory

Information

Published : 2018-10-05 14:29

Updated : 2024-11-21 03:38


NVD link : CVE-2018-0462

Mitre link : CVE-2018-0462

CVE.ORG link : CVE-2018-0462


JSON object : View

Products Affected

cisco

  • enterprise_network_virtualization_software
CWE
CWE-20

Improper Input Validation