Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass Vulnerability
Vulnerability Description
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Cisco vManage 访问控制错误漏洞
Vulnerability Description
Cisco vManage是美国思科(Cisco)公司的一个高度可定制的仪表板。可简化和自动化 Cisco SD-WAN 的部署、配置、管理和操作。 Cisco vManage 存在访问控制错误漏洞,该漏洞源于GUI可以在自管理云安装或本地服务器安装上访问,可能允许未经身份验证的远程攻击者无需身份验证即可访问GUI,攻击者可以通过访问暴露的GUI来利用此漏洞。成功利用可能允许攻击者查看托管设备名称、SD-AVC 日志和 SD-AVC DNS服务器IP地址。
CVSS Information
N/A
Vulnerability Type
N/A