Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
Vulnerability Description
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Cisco SD-WAN vManage Software 跨站请求伪造漏洞
Vulnerability Description
Cisco SD-WAN vManage Software是美国思科(Cisco)公司的一款用于SD-WAN(软件定义广域网络)解决方案的管理软件。 Cisco SD-WAN vManage 存在跨站请求伪造漏洞,该漏洞源于受影响的系统上基于 Web 的管理界面的 CSRF 保护不足。攻击者可以通过诱使界面用户单击恶意链接来利用此漏洞。 成功的利用可能允许攻击者以受影响用户的权限级别执行任意操作。以下产品和版本受到影响:20.6 及之前版本、20.7 版本。
CVSS Information
N/A
Vulnerability Type
N/A