Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco Meeting Server 安全漏洞
Vulnerability Description
Cisco Meeting Server(前称Acano Conferencing Server,CMS)是美国思科(Cisco)公司的一套包含音频、视频的会议服务器软件。 Cisco Meeting Server 2.0版本、2.1版本和2.2版本中的CLI命令解析代码中存在安全漏洞,该漏洞源于程序在CLI中没有充分的验证用户提交的输入。本地攻击者可通过认证受影响的应用程序并提交特制的CLI命令利用该漏洞注入命令,将权限提升至root。
CVSS Information
N/A
Vulnerability Type
N/A