CVE-2019-12623

MEDIUM

Cisco NFVIS - Info Disclosure

Title source: llm

Description

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-enumeration

Scores

CVSS v3 4.3

EPSS 0.0015

EPSS Percentile 34.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-538

Status published

Products (1)

cisco/enterprise_network_functions_virtualization_infrastructure < 3.12.1

Published Aug 21, 2019

Tracked Since Feb 18, 2026