Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco DNA Center Command Runner Command Injection Vulnerability
Vulnerability Description
A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco DNA Center 操作系统命令注入漏洞
Vulnerability Description
Cisco DNA Center是美国思科(Cisco)公司的一个网络管理和命令中心服务。 Cisco DNA Center 存在操作系统命令注入漏洞,该漏洞源于命令运行器工具的输入验证不足造成的。攻击者可利用该漏洞在设备上执行任意CLI命令。
CVSS Information
N/A
Vulnerability Type
N/A