A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.
History

Tue, 19 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-08-07T20:55:11.724228Z

Updated: 2024-11-19T19:02:07.688Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1895

cve-icon Vulnrichment

Updated: 2024-08-04T18:35:52.025Z

cve-icon NVD

Status : Modified

Published: 2019-08-07T21:15:11.283

Modified: 2024-11-21T04:37:38.183

Link: CVE-2019-1895

cve-icon Redhat

No data.