Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco IOS XR 操作系统命令注入漏洞
Vulnerability Description
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR存在操作系统命令注入漏洞,该漏洞源于软件中的CLI对于命令行参数的缺乏有效的验证。该漏洞可能允许经过身份验证的本地攻击者在受影响的设备上将权限提升为 root。攻击者可以通过对受影响的设备进行身份验证并将精心设计的输入提交到设备上的特定命令来利用此漏洞。 成功的利用可能允许攻击者以 root 身份执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A