A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.
History

Thu, 21 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-08-21T18:00:17.724597Z

Updated: 2024-11-21T19:16:15.963Z

Reserved: 2019-06-04T00:00:00

Link: CVE-2019-12623

cve-icon Vulnrichment

Updated: 2024-08-04T23:24:39.138Z

cve-icon NVD

Status : Modified

Published: 2019-08-21T18:15:13.493

Modified: 2024-11-21T04:23:12.670

Link: CVE-2019-12623

cve-icon Redhat

No data.