cvedb.io
CVE-2018-0460
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-10-05T14:29:04.043 · Last modified 2026-06-17T01:30:52.190

Summary

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system.

Affected products

cisco — network_functions_virtualization_infrastructure

Does this affect you?

Add your gear to cvedb and we'll alert you only when cisco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.