Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE Software Web UI Command Injection Vulnerability
Vulnerability Description
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Cisco IOS XE Software 操作系统命令注入漏洞
Vulnerability Description
Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在操作系统命令注入漏洞,该漏洞源于web UI功能中输入验证不足。
CVSS Information
N/A
Vulnerability Type
N/A