漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
带着不必要的权限执行
Vulnerability Title
Cisco AsyncOS 安全漏洞
Vulnerability Description
Cisco AsyncOS是美国思科(Cisco)公司的一款应用于思科设备的操作系统。 Cisco AsyncOS存在安全漏洞,该漏洞源于对用户提供的CLI输入验证不足,允许经过身份验证的本地攻击者执行任意命令并将权限提升到root。
CVSS Information
N/A
Vulnerability Type
N/A