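Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the Web UI and administrative CLI of Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker or an authenticated local attacker to escalate their privilege level and gain root access. The attacker must have valid user credentials with at least [[privilege of operator - validate actual name]] privileges. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file. When uploaded, the file could allow commands to be executed as root. An exploit could allow the attacker to gain root access on the device.
CVSS Information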
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]].
The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that, when uploaded, could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
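Vulnerability Category
Improper Input Validation
Vulnerability Title
Cisco Secure Email Code Issue Vulnerability
Vulnerability Description
Cisco Secure Email is a product of the US company Cisco. Cisco Secure Email (formerly Email Security) provides the best protection for your email against cyber threats. Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) contain a security vulnerability that stems from a security issue in the Web UI and administrative CLI. An attacker can exploit this vulnerability to escalate their privilege level and gain root access.
CVSS Information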
N/A
Vulnerability Category
Code Issue