漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability
Vulnerability Description
A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Cisco Enterprise NFV Infrastructure Software 访问控制错误漏洞
Vulnerability Description
Cisco Enterprise NFV Infrastructure Software(NFVIS)是美国思科(Cisco)公司的一套NVF基础架构软件平台。该平台可以通过中央协调器和控制器实现虚拟化服务的全生命周期管理。 Cisco Enterprise NFVIS 3.12.1之前版本中Virtual Network Computing (VNC)控制台的实现存在访问控制错误漏洞。远程攻击者可通过在登录之前拦截管理员VNC会话利用该漏洞访问管理用户的VNC控制台会话。
CVSS Information
N/A
Vulnerability Type
N/A