漏洞标题
思科IOS XE SD-WAN软件参数注入漏洞
漏洞描述信息
Cisco IOS XE SD-WAN软件参数注入漏洞
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
漏洞描述信息
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
漏洞类别
输入验证不恰当
漏洞标题
Cisco IOS XE SD-WAN Software 参数注入漏洞
漏洞描述信息
Cisco IOS XE SD-WAN Software是美国思科(Cisco)公司的一款应用于Cisco IOS XE 网络操作系统的用于网络管理(软件定义网络)的软件。 Cisco IOS XE SD-WAN Software 存在参数注入漏洞,该漏洞允许经过身份验证的本地攻击者以root权限访问底层操作系统。
CVSS信息
N/A
漏洞类别
授权问题