Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco Elastic Services Controller 安全漏洞
Vulnerability Description
Cisco Elastic Services Controller(ESC)是美国思科(Cisco)公司的一个开源的模块化系统。 Cisco ESC 2.3.1.434之前的版本和2.3.2之前的版本中的命令存在任意命令执行漏洞,该漏洞源于系统上的‘tomcat’用户可以覆盖文件系统上的任意文件。远程攻击者可利用该漏洞将权限提升至root,在服务器上运行恶意的命令。
CVSS Information
N/A
Vulnerability Type
N/A