漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability
Vulnerability Description
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Cisco IOS XE SD-WAN Software 默认配置问题漏洞
Vulnerability Description
Cisco IOS XE SD-WAN Software是美国思科(Cisco)公司的一款应用于Cisco IOS XE 网络操作系统的用于网络管理(软件定义网络)的软件。 Cisco IOS XE SD-WAN Software 存在默认配置问题漏洞,该漏洞源于默认配置应用于控制台身份验证和授权。本地攻击者可利用该漏洞通过console端口获得管理权限。
CVSS Information
N/A
Vulnerability Type
N/A