A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system.
History

Tue, 26 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-10-05T14:00:00Z

Updated: 2024-11-26T14:39:53.930Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0460

cve-icon Vulnrichment

Updated: 2024-08-05T03:28:11.045Z

cve-icon NVD

Status : Modified

Published: 2018-10-05T14:29:04.043

Modified: 2024-11-21T03:38:16.703

Link: CVE-2018-0460

cve-icon Redhat

No data.