Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE Software Command Injection Vulnerability
Vulnerability Description
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco IOS和IOS XE 操作系统命令注入漏洞
Vulnerability Description
Cisco IOS和IOS XE都是美国思科(Cisco)公司的产品。CLI是其中的一个命令行界面。 Cisco IOS XE的CLI存在安全漏洞,该漏洞源于对特定CLI命令的参数验证不足所致。攻击者可利用该漏洞会使每次重新启动受影响的设备时都以root特权执行命令。
CVSS Information
N/A
Vulnerability Type
N/A