漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability
Vulnerability Description
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
多款Cisco产品信任管理问题漏洞
Vulnerability Description
多款Cisco产品中的Secure Shell (SSH)身份验证进程存在信任管理问题漏洞。该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用默认密码或者硬编码密码、硬编码证书等攻击受影响组件。以下产品及版本受到影响:Cisco Small Business 200 Series Smart Switches 1.4.10.6之前版本;Small Business 300 Series Managed Switches 1.4.10.6之前版本;Small Business 500 Serie
CVSS Information
N/A
Vulnerability Type
N/A