Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control (RBAC) for file-download requests that are sent to the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to download and view any system file by using the affected software. Cisco Bug IDs: CSCvd11628.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Cisco FindIT Network Probe Software 信息泄露漏洞
Vulnerability Description
Cisco FindIT Network Probe Software是美国思科(Cisco)公司的一款FindIT网络管理器,用来监控和管理由Cisco 100至500系列产品构成的网络。 Cisco FindIT Network Probe Software中的Web用户界面的文件下载功能存在信息泄露漏洞,该漏洞源于程序没有对文件下载请求执行基于role的访问控制(RBAC)。远程攻击者可通过向受影响的软件发送特制的HTTP请求利用该漏洞下载和浏览任意系统文件。
CVSS Information
N/A
Vulnerability Type
N/A