N/A

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Cisco Intersight 命令注入漏洞

Cisco Intersight是美国思科（Cisco）公司的一个应用平台。提供了智能管理级别，使 IT 组织能够以比前几代工具更先进的方式分析、简化和自动化其环境。 Cisco Intersight Private Virtual Appliance存在安全漏洞，该漏洞源于提取上传的软件包时输入验证不足，可能允许经过身份验证的远程攻击者使用root权限执行任意命令。

N/A

N/A