Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOx for IOS XE Software Command Injection Vulnerability
Vulnerability Description
A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Cisco Iox 命令注入漏洞
Vulnerability Description
Cisco Iox是美国思科(Cisco)公司的一个结合了Cisco IOS和Linux OS用于安全网络连接以及开发IOT应用的安全开发环境。 Cisco IOx application 存在安全漏洞,该漏洞允许经过身份验证的远程攻击者以root用户的身份向底层操作系统注入命令。
CVSS Information
N/A
Vulnerability Type
N/A