CVE-2018-0323

MEDIUM

Cisco Enterprise NFV Infrastructure Software - Authenticated Path Traversal via Web Management Interface

Title source: llm
STIX 2.1

Description

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104206

Scores

CVSS v3 6.5
EPSS 0.0191
EPSS Percentile 77.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (2)
cisco/network_functions_virtualization_infrastructure 3.6.1
cisco/network_functions_virtualization_infrastructure 3.7.1
Published May 17, 2018
Tracked Since Feb 18, 2026