CVE-2019-1893— Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-1893
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Enterprise NFV Infrastructure Software 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Enterprise NFV Infrastructure Software(NFVIS)是美国思科(Cisco)公司的一套NVF基础架构软件平台。该平台可以通过中央协调器和控制器实现虚拟化服务的全生命周期管理。 Cisco Enterprise NFVIS 3.10.1之前版本中存在命令注入漏洞,该漏洞源于程序没有进行充分的输入验证。本地攻击者可借助恶意的输入利用该漏洞在底层操作系统上执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software | unspecified ~ 3.10.1 | - |
II. Public POCs for CVE-2019-1893
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-1893
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-commandinjvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-1893
Same Patch Batch · Cisco · 2019-07-06 · 13 CVEs total
| CVE-2019-1930 | Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities | |
| CVE-2019-1931 | Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities | |
| CVE-2019-1932 | Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability | |
| CVE-2019-1933 | Cisco Email Security Appliance Content Filter Bypass Vulnerability | |
| CVE-2019-1921 | Cisco Email Security Appliance Content Filter Bypass Vulnerability | |
| CVE-2019-1922 | Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerab | |
| CVE-2019-1894 | Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability | |
| CVE-2019-1909 | Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability | |
| CVE-2019-1911 | Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability | |
| CVE-2019-1887 | Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnera | |
| CVE-2019-1891 | Cisco Small Business Series Switches HTTP Denial of Service Vulnerability | |
| CVE-2019-1892 | Cisco Small Business Series Switches Memory Corruption Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco Enterprise NFV Infrastructure Software
- CVE-2026-20090
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20089
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20087
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20088
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20096
Cisco Integrated Management Controller Command Injection Vul
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-77
- CVE-2026-8210
aandrew-me tgpt Update helper.go helper.Update command injec - CVE-2026-42258
net-imap: Command Injection via unvalidated Symbol inputs - CVE-2026-42453
Termix: Command injection in extractArchive/compressFiles vi - CVE-2026-42271
LiteLLM: Authenticated command execution via MCP stdio test - CVE-2026-41500
electerm has Command Injection Vulnerability via runMac func
V. Comments for CVE-2019-1893
No comments yet