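Vulnerability title
N/A
Vulnerability description
A path traversal vulnerability in the diagnostic shell of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be overwritable by a user of the diagnostic shell. The vulnerability is due to a lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco bug ID: CSCvg41950.
CVSS information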
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950.
CVSS information
N/A
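Vulnerability category
Improper limitation of a pathname (path traversal)
Vulnerability title
Cisco IOS and IOS XE Software path traversal vulnerability
Vulnerability description
Cisco IOS and IOS XE Software are both operating systems developed by Cisco, a US company, for its network devices. A path traversal vulnerability exists in the diagnostic shell of Cisco IOS and IOS XE Software; it stems from the program not performing input validation on diagnostic shell commands. An authenticated remote attacker can exploit this vulnerability to overwrite system files by entering the diagnostic shell and submitting specially crafted user input to commands in the diagnostic shell CLI.
CVSS information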
N/A
Vulnerability category
Path traversal