CVE-2018-0323
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-0323
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Enterprise NFV Infrastructure Software 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Enterprise NFV Infrastructure Software(NFVIS)是美国思科(Cisco)公司的一套NVF基础架构软件平台。该平台可以通过中央协调器和控制器实现虚拟化服务的全生命周期管理。 Cisco Enterprise NFVIS中的Web管理界面存在路径遍历漏洞,该漏洞源于程序没有充分的验证Web请求参数。远程攻击者可通过发送恶意的Web请求利用该漏洞访问敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Cisco Enterprise NFV Infrastructure Software | Cisco Enterprise NFV Infrastructure Software | - |
II. Public POCs for CVE-2018-0323
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-0323
Please Login to view more intelligence information
Same Patch Batch · n/a · 2018-05-17 · 41 CVEs total
| CVE-2018-0279 | Cisco Enterprise NFV Infrastructure Software Secure Copy Protocol服务器输入验证错误漏洞 | |
| CVE-2018-11230 | jbig2enc 安全漏洞 | |
| CVE-2018-11224 | Libav 安全漏洞 | |
| CVE-2018-11225 | libming 安全漏洞 | |
| CVE-2018-11226 | libming 安全漏洞 | |
| CVE-2018-0222 | Cisco Digital Network Architecture Center 安全漏洞 | |
| CVE-2018-0268 | Cisco Digital Network Architecture Center 安全漏洞 | |
| CVE-2018-0270 | Cisco IoT Field Network Director 跨站请求伪造漏洞 | |
| CVE-2018-0271 | Cisco Digital Network Architecture Center API gateway 授权问题漏洞 | |
| CVE-2018-0277 | Cisco Identity Services Engine 安全漏洞 | |
| CVE-2018-10027 | ESTsoft ALZip 安全漏洞 | |
| CVE-2018-0280 | Cisco Meeting Server 输入验证漏洞 | |
| CVE-2018-0289 | Cisco Identity Services Engine logs组件跨站脚本漏洞 | |
| CVE-2018-0290 | Cisco SocialMiner 资源管理错误漏洞 | |
| CVE-2018-0297 | Cisco Firepower Threat Defense detection引擎安全漏洞 | |
| CVE-2018-0324 | Cisco Enterprise NFV Infrastructure Software CLI 命令注入漏洞 | |
| CVE-2018-0325 | Cisco IP Phone 7800 Series和Cisco IP Phone 8800 Series 输入验证漏洞 | |
| CVE-2018-0326 | Cisco TelePresence Server Software Web UI 安全漏洞 | |
| CVE-2018-0327 | Cisco Identity Services Engine 跨站脚本漏洞 | |
| CVE-2018-0328 | Cisco Unified Communications Manager和Cisco Unified Presence 输入验证漏洞 |
Showing top 20 of 41 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco Enterprise NFV Infrastructure Software
- CVE-2026-20090
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20089
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20087
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20088
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20096
Cisco Integrated Management Controller Command Injection Vul
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
Same weakness: CWE-22
- CVE-2026-42351
pygeoapi: Path Traversal in STAC FileSystemProvider - CVE-2026-42213
SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables - CVE-2026-7807
SmarterTools SmarterMail < Build 9560 Server Local File Incl - CVE-2026-42028
novaGallery: Unauthenticated Path Traversal in Album and Cac - CVE-2026-41887
Flarum: Path traversal in LESS parser via theme color settin
V. Comments for CVE-2018-0323
No comments yet