Rewterz Threat Advisory – CVE-2019-1895 – Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

Thursday, August 8, 2019

Severity

Medium

Analysis Summary

The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.

Impact

  • Authentication bypass
  • Session interception

Affected Vendors

Cisco

Affected Products

Cisco Enterprise NFV Infrastructure Software releases earlier than 3.12.1.

Remediation

Please see the vendor’s advisory for more details:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-vnc-authbypass
