Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
Vulnerability Description
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Cisco IOS XR 安全漏洞
Vulnerability Description
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR存在安全漏洞,该漏洞源于GRand Unified Bootloader (GRUB)中存在安全问题,攻击者利用该漏洞可以使用 GRUB 引导加载程序命令行查看控制台上的敏感文件,以下产品和版本受到影响:ASR 9000 Series Aggregation、Services Routers (64-bit)、IOS XR White box (IOSXRWBD)、IOS XRv 9000 Ro
CVSS Information
N/A
Vulnerability Type
N/A