Rewterz Threat Advisory – CVE 2019-1895 – Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

Thursday, August 8, 2019

Severity

Medium

Analysis Summary

The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.

Impact

  • Authentication bypass
  • Session interception

Affected Vendors

Cisco

Affected Products

Cisco Enterprise NFV Infrastructure Software releases earlier than 3.12.1.

Remediation

Please see vendor’s advisory for more details

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-vnc-authbypass

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 22, August 2019 Rewterz Threat Advisory – CVE-2019-15295 – BitDefender Antivirus Free 2020 – Privilege Escalation to SYSTEM
  • 22, August 2019 Rewterz Threat Alert – Banks All over the World Attacked by Silence Advanced Hackers
  • 22, August 2019 Rewterz Threat Alert – Adwind Bypasses Microsoft ATP to Attack Utilities Industry
  • 21, August 2019 Rewterz Threat Advisory – Multiple vulnerabilities fixed in VLC media player

Copyright © Rewterz. All rights reserved.