Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco IOS 权限许可和访问控制问题漏洞
Vulnerability Description
Cisco IOS是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS软件中SCP实现的服务器端存在权限许可和访问控制问题漏洞,可能允许附加了CLI视图的认证用户从配置为SCP服务器的Cisco IOS设备传输文件,无论CLI视图配置授权给哪些用户上述权限。这个漏洞允许有效用户在设备的系统文件上检索或写入任意文件(包括设备保存的配置和Cisco IOS镜像文件),即使附加给用户的CLI视图不允许这些操作。配置文件中可能包含有口令或其他敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A