Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An internal security review has identified an unauthenticated remote code execution vulnerability in the optional REST API management interface of Cloud Networking Operating System (CNOS). This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Input Validation
Vulnerability Title
CNOS Code Injection Vulnerability
Vulnerability Description
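CNOS is a SAI-based network operating system from China. The CNOS network operating system provides three main functions: real-time collection of global state, on-demand services, and intelligent resource scheduling. It is characterized by full-dimension scenario coverage, strong compatibility, and high performance, and it offers microservice-based dynamic feature extension, link provisioning within minutes, millisecond-level failover, and end-to-end hop-by-hop control. It supports compatible vendor devices and white-box devices. CNOS has a code injection vulnerability, which stems from an unauthenticated remote code execution vulnerability identified by an internal security review. This interface is disabled by default and is not vulnerable unless enabled. When enabled, it is vulnerable only where attached to a VRF and as allowed by defined ACLs.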
CVSS Information
N/A
Vulnerability Type
N/A