Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass
Vulnerability Description
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
凭证管理
Vulnerability Title
Cisco Connected Mobile Experiences 信任管理问题漏洞
Vulnerability Description
Cisco Connected Mobile Experiences是美国思科(Cisco)公司的一个互联移动体验。 Cisco Connected Mobile Experiences(CMX)存在信任管理问题漏洞,该漏洞源于软件更改密码接口的问题。在使用该接口在服务器端更改密码时,密码策略检查不完整。经过身份验证的远程攻击者可以通过向受影响的设备发送一个特别制作的更改密码请求来利用漏洞,将自己的密码更改为不符合配置的强认证要求的值。
CVSS Information
N/A
Vulnerability Type
N/A