漏洞标题
N/A
漏洞描述信息
在Cisco安全负载的OpenAPI中,一个漏洞可能导致具有只读权限的用户 authenticated的远程攻击者执行应该需要管理员权限的操作。攻击者需要有效的用户凭据。此漏洞是由于某些OpenAPI操作 improper role-based access control(RBAC)引起的。攻击者可以通过发出有效的OpenAPI函数调用来利用此漏洞。成功利用可能导致攻击者执行 reserved for the Administrator user 的OpenAPI操作,包括创建和删除用户标签。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
漏洞类别
授权机制不正确
漏洞标题
N/A
漏洞描述信息
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials.
This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
漏洞类别
特权API的不正确使用
漏洞标题
Cisco Secure Workload 安全漏洞
漏洞描述信息
Cisco Secure Workload是美国思科(Cisco)公司的一种允许用户在其应用程序工作负载上安装软件代理的软件。 Cisco Secure Workload存在安全漏洞。攻击者利用该漏洞导致权限提升。
CVSS信息
N/A
漏洞类别
其他