Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability
Vulnerability Description
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cisco Virtualized Infrastructure Manager 访问控制错误漏洞
Vulnerability Description
Cisco Virtualized Infrastructure Manager(CVIM)是美国思科(Cisco)公司的一个完全自动化的云生命周期管理系统。 Cisco Virtualized Infrastructure Manager (VIM)存在访问控制错误漏洞,该漏洞允许经过身份验证的本地攻击者访问机密信息并提升受影响设备的权限。此漏洞是由于某些配置文件的访问权限不正确造成的。具有低权限凭据的攻击者可以通过访问受影响的设备并读取受影响的配置文件来利用此漏洞。成功的利用可以让攻击者获得内部数据库
CVSS Information
N/A
Vulnerability Type
N/A