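Vulnerability Title
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker needs administrative privileges on the DCNM application. For more information about these vulnerabilities, see the "Details" section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVSS Information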
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVSS Information
N/A
Vulnerability Category
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
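Vulnerability Title
Cisco Data Center Network Manager SQL Injection Vulnerability
Vulnerability Description
Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco, a US company. It supports Cisco Nexus and MDS series switches and provides storage visualization, configuration, and troubleshooting functions. The SOAP API in Cisco DCNM versions prior to 11.3(1) contains a SQL injection vulnerability, which stems from the program not sufficiently validating user input submitted to that API. A remote attacker can exploit this vulnerability by sending a crafted request to execute arbitrary SQL commands.
CVSS Information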
N/A
Vulnerability Category
SQL Injection