Skip to content

A vulnerability in the web portal of Cisco Enterprise NFV...

Moderate severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 28, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability.

References

Published by the National Vulnerability Database Aug 8, 2019
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 28, 2023

Severity

Moderate

EPSS score

0.150%
(52nd percentile)

Weaknesses

CVE ID

CVE-2019-1953

GHSA ID

GHSA-ppgh-3fjj-h297

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.