Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
Vulnerability Description
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco Small Business 220 Series Smart Switches 输入验证错误漏洞
Vulnerability Description
Cisco Small Business 220 Series Smart Switches是美国思科(Cisco)公司的一款小型智能交换机设备。 使用1.1.4.4之前版本固件的Cisco Small Business 220 Series Smart Switches中的Web管理界面存在输入验证错误漏洞,该漏洞源于程序没有充分验证用户提交的输入。远程攻击者可通过发送恶意的HTTP或HTTPS请求利用该漏洞以root用户权限执行任意的shell命令。
CVSS Information
N/A
Vulnerability Type
N/A