Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
Vulnerability Description
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco IOS XE SD-WAN Software 操作系统命令注入漏洞
Vulnerability Description
Cisco IOS XE SD-WAN Software是美国思科(Cisco)公司的一款应用于Cisco IOS XE 网络操作系统的用于网络管理(软件定义网络)的软件。 Cisco IOS XE SD-WAN CLI 存在操作系统命令注入漏洞,该漏洞源于系统CLI的输入验证不足。攻击者可以通过对受影响的设备进行身份验证并将精心设计的输入提交到系统CLI来利用此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A