Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cisco Spark 信息泄露漏洞
Vulnerability Description
Cisco Spark是美国思科(Cisco)公司的一套协同合作服务解决方案。该方案通过提供一个虚拟空间,让处在任何地点的团队可以一起工作、通话和视频等,并能够讨论议题、储存团队的档案和文件等。 Cisco Spark中的authentication controls存在信息泄露漏洞,该漏洞源于程序没有正确的显示在系统中产生的用户账户令牌。远程攻击者可通过使用其他账户的令牌登录设备利用该漏洞与设备进行交互并查看信息。
CVSS Information
N/A
Vulnerability Type
N/A