Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
路径遍历:’/absolute/pathname/here’
Vulnerability Title
Cisco Identity Services Engine 路径遍历漏洞
Vulnerability Description
Cisco Identity Services Engine(ISE)是美国思科(Cisco)公司的一款环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。 Cisco Identity Services Engine(ISE)存在路径遍历漏洞,该漏洞源于输入验证不足,可能允许经过身份验证的远程攻击者对受影响设备的文件系统进行未经授权的更改,成功利用此漏洞可能允许攻击者将恶意文件上传到文件系统中的任意位置。
CVSS Information
N/A
Vulnerability Type
N/A