A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-08-07T20:55:11.724228Z
Updated: 2024-11-19T19:02:07.688Z
Reserved: 2018-12-06T00:00:00
Link: CVE-2019-1895
Vulnrichment
Updated: 2024-08-04T18:35:52.025Z
NVD
Status : Modified
Published: 2019-08-07T21:15:11.283
Modified: 2024-11-21T04:37:38.183
Link: CVE-2019-1895
Redhat
No data.