Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Cisco Nexus Dashboard 输入验证错误漏洞
Vulnerability Description
Cisco Nexus Dashboard是美国思科(Cisco)公司的一个单一控制台。能够简化数据中心网络的运营和管理。 Cisco Nexus Dashboard存在安全漏洞,该漏洞源于多个漏洞可能允许经过身份验证的本地攻击者提升受影响设备的权限。这些漏洞是由于在受影响设备上执行CLI命令期间输入验证不足。攻击者可以通过以救援用户身份进行身份验证并使用恶意有效载荷执行易受攻击的CLI命令来利用这些漏洞。 成功利用可能允许攻击者提升权限
CVSS Information
N/A
Vulnerability Type
N/A