Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) 4.8.1

CPE Details

Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) 4.8.1
cisco
enterprise_nfv_infrastructure_software
4.8.1
2023-03-15
10h20 +00:00
2023-03-24
15h57 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:4.8.1:*:*:*:*:*:*:*

Informations

Vendor

cisco

Product

enterprise_nfv_infrastructure_software

Version

4.8.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-32433 2025-04-16 21h34 +00:00 Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
10
Critical
CVE-2022-20929 2023-03-08 14h33 +00:00 A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.