LiveActive security incident?Get immediate response
CVE Record

CVE-2019-1984: Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying OS.

MediumCVSS 6.5Not KEV-listedUpdated
Glexia's Takemoderate

Analyst readout for executives and security teams

Plain-English summary

CVE-2019-1984 affects Cisco Enterprise NFV Infrastructure Software. An attacker who already has administrator privileges could remotely cause NFVIS to overwrite files on the device’s underlying operating system. This is not an unauthenticated internet takeover, but it can turn compromised or misused NFVIS admin access into serious integrity and availability impact.

Executive priority

Treat this as a moderate infrastructure risk. It is not described as actively exploited or unauthenticated, but it affects network virtualization infrastructure and can damage system integrity or availability if an admin account is compromised or misused.

Technical view

The issue is improper input validation in an NFVIS file-system command. By supplying crafted variables during execution of the affected command, an authenticated remote attacker with administrator privileges could overwrite arbitrary OS files. CVSS 3.0 is 6.5: network attack vector, low complexity, high privileges required, no user interaction, high integrity and availability impact.

Likely exposure

Exposure is limited to environments running Cisco Enterprise NFV Infrastructure Software. The source bundle does not identify affected version ranges, so teams need to compare deployed NFVIS versions against Cisco’s advisory. Risk increases where NFVIS administrator access is broadly available or management interfaces are reachable from less-trusted networks.

Exploitation context

The provided sources do not show CISA KEV listing or cited active exploitation. Exploitation requires remote access plus NFVIS administrator privileges. The concern is post-authentication abuse, especially after credential compromise, excessive admin delegation, or weak management-plane segmentation.

Researcher notes

This is CWE-20 improper input validation with arbitrary file overwrite impact on the underlying OS. The source bundle lacks affected version ranges and fix details. Analysis should focus on NFVIS command handling, admin-role exposure, management-plane access, and vendor advisory reconciliation.

Mitigation direction

  • Review Cisco’s advisory for affected and fixed NFVIS release guidance.
  • Restrict NFVIS administrative access to trusted management networks only.
  • Audit NFVIS administrator accounts and remove unnecessary privileges.
  • Monitor for unexpected changes to underlying OS files.
  • Check vendor guidance before applying compensating controls.

Validation and detection

  • Inventory all Cisco Enterprise NFVIS deployments.
  • Compare deployed versions against Cisco’s advisory.
  • Confirm NFVIS admin interfaces are not broadly reachable.
  • Review admin access logs for unusual file-system command activity.
  • Check integrity monitoring for unexpected OS file overwrites.
Prepared
Confidence
medium
Sources
3

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

File access behavior lookup

The CVE wording references file access or upload behavior, so file telemetry and web shell review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-1984 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
6.5 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
6.5CVSS 3.0MediumCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H1.25.2Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

6.5Medium
CVSS 3.0 vector shape for CVE-2019-1984Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CiscoCisco Enterprise NFV Infrastructure SoftwareunspecifiedListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-20 · source CWE mapping

Improper Input Validation

Improper Input Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.