漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco Integrated Management Controller 操作系统命令注入漏洞
Vulnerability Description
Cisco Integrated Management Controller(IMC)是美国思科(Cisco)公司的一套用于对UCS(统一计算系统)进行管理的软件。该软件支持HTTP、SSH访问等,并可对服务器进行开机、关机和重启等操作。 Cisco Integrated Management Controller存在操作系统命令注入漏洞,该漏洞源于对用户输入验证不足。远程攻击者利用该漏洞对受影响的系统执行命令注入攻击,并将其权限提升为 root。
CVSS Information
N/A
Vulnerability Type
N/A