Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
Vulnerability Description
A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
多款Cisco产品操作系统命令注入漏洞
Vulnerability Description
Cisco 809 Industrial Integrated Services Routers和Cisco 829 Industrial Integrated Services Routers都是美国思科(Cisco)公司的一款工业集成多业务路由器。 Cisco 809 Industrial ISRs、829 Industrial ISRs和CGR1000中的IOS Software的inter-VM channel存在操作系统命令注入漏洞,该漏洞源于程序没有充分验证发往VDS的数据包。攻击者可通过发送
CVSS Information
N/A
Vulnerability Type
N/A