Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability
Vulnerability Description
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用未经初始化的指针
Vulnerability Title
Cisco IOS 缓冲区错误漏洞
Vulnerability Description
Cisco IOS是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XE Software 存在缓冲区错误漏洞,该漏洞源于变量未初始化造成的。攻击者可利用该漏洞向受影响的设备发送一系列NETCONF或RESTCONF请求来安装、操作或删除网络设备的配置,或损坏设备上的内存。
CVSS Information
N/A
Vulnerability Type
N/A