Vulnerability Details : CVE-2019-12623
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.
Products affected by CVE-2019-12623
- cpe:2.3:a:cisco:enterprise_network_functions_virtualization_infrastructure:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12623
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12623
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
Cisco Systems, Inc. |
CWE ids for CVE-2019-12623
-
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2019-12623
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-enumeration
Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration VulnerabilityVendor Advisory
Jump to