漏洞标题
思科企业NFV基础设施软件Linux shell访问漏洞
漏洞描述信息
思科企业NFV基础设施软件Linux Shell访问漏洞
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
漏洞描述信息
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH.
CVSS信息
N/A
漏洞类别
输入验证不恰当
漏洞标题
Cisco Enterprise NFV Infrastructure Software 输入验证漏洞
漏洞描述信息
Cisco Enterprise NFV Infrastructure Software(NFVIS)是美国思科(Cisco)公司的一套NVF基础架构软件平台。该平台可以通过中央协调器和控制器实现虚拟化服务的全生命周期管理。 Cisco Enterprise NFVIS中的CLI存在输入验证漏洞。本地攻击者可通过发送特制的命令利用该漏洞访问底层Linux操作系统的shell。
CVSS信息
N/A
漏洞类别
输入验证错误