漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability
Vulnerability Description
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cisco Virtualized Infrastructure Manager 访问控制错误漏洞
Vulnerability Description
Cisco Virtualized Infrastructure Manager(CVIM)是美国思科(Cisco)公司的一个完全自动化的云生命周期管理系统。 Cisco Virtualized Infrastructure Manager (VIM)存在访问控制错误漏洞,该漏洞允许经过身份验证的本地攻击者访问机密信息并提升受影响设备的权限。此漏洞是由于某些配置文件的访问权限不正确造成的。具有低权限凭据的攻击者可以通过访问受影响的设备并读取受影响的配置文件来利用此漏洞。成功的利用可以让攻击者获得内部数据库
CVSS Information
N/A
Vulnerability Type
N/A