Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Integrated Management Controller CLI Command Injection Vulnerability
Vulnerability Description
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco Integrated Management Controller 操作系统命令注入漏洞
Vulnerability Description
Cisco Integrated Management Controller(IMC)是美国思科(Cisco)公司的一套用于对UCS(统一计算系统)进行管理的软件。该软件支持HTTP、SSH访问等,并可对服务器进行开机、关机和重启等操作。 Cisco IMC中的命令行界面存在操作系统命令注入漏洞,该漏洞源于程序没有充分验证用户提交的输入。本地攻击者可通过进行身份验证并提交特制的输入利用该漏洞注入任意命令并获取root权限。以下产品及版本受到影响:Cisco UCS C-Series和S-Series Se
CVSS Information
N/A
Vulnerability Type
N/A