Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE Software Arbitrary Code Execution Vulnerability
Vulnerability Description
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
Cisco IOS XE Lua解释器缓冲区错误漏洞
Vulnerability Description
Cisco IOS等都是美国思科(Cisco)公司的产品。Cisco IOS是一套为其网络设备开发的操作系统。IOS XE是一套为其网络设备开发的操作系统。Lua等都是Lua(Lua)团队的产品。Lua是一款轻量级、扩展的开源脚本语言。 Cisco IOS XE的Lua解释器存在安全漏洞,该漏洞源于用户提供的Lua脚本的上下文中对Lua函数调用的限制不足所致。攻击者可利用该漏洞以root特权执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A