Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability
Vulnerability Description
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Cisco IOS XE SD-WAN Software 默认配置问题漏洞
Vulnerability Description
Cisco IOS XE SD-WAN Software是美国思科(Cisco)公司的一款应用于Cisco IOS XE 网络操作系统的用于网络管理(软件定义网络)的软件。 Cisco IOS XE SD-WAN Software 存在默认配置问题漏洞,该漏洞源于默认配置应用于控制台身份验证和授权。本地攻击者可利用该漏洞通过console端口获得管理权限。
CVSS Information
N/A
Vulnerability Type
N/A