CVE-2020-3138

CVE-2020-3138: Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability

Vendor Cisco
Product NA
Weakness CWE-347
Published February 19, 2020
Last update November 15, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device.

Key dates

02Disclosure timeline

February 19, 2020 CVE published
November 15, 2024 Record updated