漏洞标题
N/A
漏洞描述信息
Cisco SD-WAN vManage软件REST API的请求验证漏洞可能导致未验证的远程攻击者访问受影响的 Cisco SD-WAN vManage实例的配置,并获得读取权限或有限的写入权限。
此漏洞是由于在使用REST API功能时缺乏请求验证。攻击者可以通过向受影响的vManage实例发送精心构造的API请求来利用此漏洞。成功利用可能导致攻击者从受影响的 Cisco vManage实例的配置中获取信息和将信息发送到其配置。此漏洞只影响REST API,不影响基于Web的管理界面或命令行界面。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
漏洞类别
输入验证不恰当
漏洞标题
N/A
漏洞描述信息
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
漏洞类别
认证机制不恰当
漏洞标题
Cisco SD-WAN vManage 授权问题漏洞
漏洞描述信息
Cisco SD-WAN vManage是美国思科(Cisco)公司的一个高度可定制的仪表板。可简化和自动化 Cisco SD-WAN 的部署、配置、管理和操作。 Cisco SD-WAN vManage存在安全漏洞,该漏洞源于使用REST API功能时请求验证,可能允许未经身份验证的远程攻击者获得读取权限或有限的写入权限。
CVSS信息
N/A
漏洞类别
授权问题