漏洞标题
N/A
漏洞描述信息
在SiPass集成AC5102(ACC-G2)(所有版本低于V6.4.9)和SiPass集成ACC-AP(所有版本低于V6.4.9)中发现了一个漏洞。受影响设备在处理特定位命令行接口(telnet命令行界面)上的用户输入时,没有正确地进行过滤。这可能会允许经过身份验证的本地管理员通过注入以root权限执行的任意命令来提升权限。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
漏洞标题
N/A
漏洞描述信息
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
漏洞类别
输入验证不恰当