Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Identity Services Engine Privilege Escalation Vulnerability
Vulnerability Description
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
特权授予不正确
Vulnerability Title
Cisco Identity Services Engine 操作系统命令注入漏洞
Vulnerability Description
Cisco Identity Services Engine(ISE)是美国思科(Cisco)公司的一款环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。 Cisco Identity Services Engine (ISE) 存在操作系统命令注入漏洞,该漏洞源于对特定 API 端点的输入验证不足。处于中间人位置的攻击者可以通过拦截和修改从一个 ISE 角色到另一个 ISE 角色的特定节点间通信来利用此漏洞。成功的利用可能允许攻击者在底层操作系
CVSS Information
N/A
Vulnerability Type
N/A