Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability
Vulnerability Description
A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cisco IOS XR 安全漏洞
Vulnerability Description
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR 软件中SNMP管理面板存在安全漏洞中存在漏洞。该漏洞是由于在将SNMP与管理平面保护配合使用时,LPTS编程不正确造成的。即使配置为拒绝访问SNMP的管理平面保护,也允许未经身份验证的远程攻击者允许连接受影响设备的服务器。
CVSS Information
N/A
Vulnerability Type
N/A