漏洞标题
N/A
漏洞描述信息
Cisco Catalyst SD-WAN Manager多租户功能中的会话管理漏洞可能导致经过验证的远程攻击者访问由同一 Cisco Catalyst SD-WAN Manager实例管理的另一个租户。此漏洞需要启用多租户功能。
此漏洞是由于 Cisco Catalyst SD-WAN Manager 系统内的用户会话管理不足。攻击者可以通过向受影响的系统发送定制请求来利用此漏洞。一个成功的漏洞允许攻击者获得对另一个租户的未经授权访问信息,进行配置更改,或者可能导致一个租户停机,造成拒绝服务情况。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
漏洞类别
会话固定
漏洞标题
N/A
漏洞描述信息
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled.
This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco Catalyst 安全漏洞
漏洞描述信息
Cisco Catalyst是美国思科(Cisco)公司的一系列交换机。 Cisco Catalyst SD-WAN Manager 存在安全漏洞,该漏洞源于多租户功能的会话管理系统中存在漏洞,可能允许经过身份验证的远程攻击者访问由同一 Cisco Catalyst SD-WAN Manager 实例管理的另一个租户。
CVSS信息
N/A
漏洞类别
其他