CVE-2018-0323: Path Traversal
First published: Thu May 17 2018(Updated: )
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Enterprise Network Functions Virtualization Infrastructure Software | =3.6.1 | |
| Cisco Enterprise Network Functions Virtualization Infrastructure Software | =3.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco enterprise network functions virtualization infrastructure software
- version/cisco enterprise network functions virtualization infrastructure software/3.6.1
- version/cisco enterprise network functions virtualization infrastructure software/3.7.1