Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco SD-WAN Software Command Injection Vulnerability
Vulnerability Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Cisco SD-WAN 操作系统命令注入漏洞
Vulnerability Description
Cisco SD-WAN是美国思科(Cisco)公司的一种高度安全的云规模架构,具有开放性、可编程性和可扩展性。 Cisco SD-WAN 存在操作系统命令注入漏洞,该漏洞源于对某些CLI命令的输入验证不足。漏洞可能允许经过身份验证的本地攻击者可利用该漏洞注入任意命令并执行。攻击者可以通过对受影响的设备进行身份验证并向CLI提交手工输入来利用这个漏洞。攻击者要利用该漏洞必须被认证为管理用户才能执行受影响的命令。成功的攻击可以允许攻击者执行命令。
CVSS Information
N/A
Vulnerability Type
N/A