Vulnerability Title
N/A
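Vulnerability Description
Two vulnerabilities in Cisco ISE could allow an authorized, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, the attacker must have valid administrator credentials on the affected device. These vulnerabilities are caused by improper validation of files uploaded through the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories. The attacker could later use these files to conduct further attacks, including executing arbitrary code on the affected device with root privileges.
CVSS Information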
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Unrestricted Upload of File with Dangerous Type
Vulnerability Title
N/A
Vulnerability Description
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
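Vulnerability Category
Unrestricted Upload of File with Dangerous Type
Vulnerability Title
Cisco Identity Services Engine Security Vulnerability
Vulnerability Description
Cisco Identity Services Engine (ISE) is a context-aware platform (the ISE identity services engine) from Cisco, a US company. The platform governs the network by collecting real-time information from the network, users and devices, and by defining and enforcing corresponding policies. Cisco Identity Services Engine has a security vulnerability that may allow an authenticated, remote attacker to upload arbitrary files to an affected device.
CVSS Information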
N/A
Vulnerability Category
Other