Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
Vulnerability Description
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device.
CVSS Information
N/A
Vulnerability Type
权限、特权和访问控制
Vulnerability Title
Cisco IOS XE 权限许可和访问控制问题漏洞
Vulnerability Description
Cisco IOS XE是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XE16.3.1及之后版本中对Cisco IOx应用程序托管基础架构的授权控制存在权限许可和访问控制问题漏洞,该漏洞源于程序未正确处理授权令牌请求。攻击者可通过使用特制的API调用利用该漏洞获得授权令牌并在受影响的设备上执行任意IOx API命令。
CVSS Information
N/A
Vulnerability Type
N/A