N/A

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Cisco Ultra Services Framework Staging Server AutoIT service 操作系统命令注入漏洞

Cisco Ultra Services Framework Staging Server是美国思科（Cisco）公司的一个智能在线服务交付平台中的分段服务器。AutoIT service是其中的一项服务。 Cisco Ultra Services Framework Staging Server 5.0.3之前的版本和5.1之前的版本中的AutoIT service存在任意命令执行漏洞，该漏洞源于程序没有正确的调用shell。远程攻者可通过创建CLI命令输入利用该漏洞以root用户身份执行任意的Linu

N/A

N/A