Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Intersight Virtual Appliance Command Injection Vulnerability
Vulnerability Description
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Cisco Intersight 操作系统命令注入漏洞
Vulnerability Description
Cisco Intersight是美国思科(Cisco)公司的一个应用平台。提供了智能管理级别,使 IT 组织能够以比前几代工具更先进的方式分析、简化和自动化其环境。 Cisco Intersight Virtual Appliance 存在操作系统命令注入漏洞,该漏洞源于输入验证不足造成的。攻击者可以通过使用基于 Web 的管理界面使用精心设计的输入执行命令来利用此漏洞。成功的利用可能允许攻击者在受影响的设备上使用root级权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A