漏洞标题
Cisco IOx for IOS Software 客户操作系统未授权访问漏洞
漏洞描述信息
Cisco IOS软件的IOx应用环境存在一个漏洞,该漏洞可能允许经过身份验证的远程攻击者访问受影响设备上运行的来宾操作系统(Guest OS)的未经授权访问。此漏洞是由于在低权限用户请求访问应仅限于管理员帐户的来宾操作系统时,角色基于访问控制(RBAC)评估不正确导致的。攻击者可能通过使用低权限用户凭据身份验证到来宾操作系统来利用此漏洞。成功的利用可能使攻击者能够以root用户身份未经授权访问来宾操作系统。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability
漏洞描述信息
A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user.
CVSS信息
N/A
漏洞类别
访问控制不恰当
漏洞标题
Cisco 800 Series Industrial Integrated Services Routers和Cisco 1000 Series Connected Grid Routers IOS Software 访问控制错误漏洞
漏洞描述信息
Cisco 800 Series Industrial Integrated Services Routers和Cisco 1000 Series Connected Grid Routers (CGR 1000)中的IOS Software的Iox应用程序环境存在访问控制错误漏洞。远程攻击者可通过使用低权限用户的凭证对Guest OS进行身份验证利用该漏洞获取Guest OS未授权的访问权限(root权限)。
CVSS信息
N/A
漏洞类别
授权问题