漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability
Vulnerability Description
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
参数注入或修改
Vulnerability Title
Cisco Nexus Dashboard 安全漏洞
Vulnerability Description
Cisco Nexus Dashboard是美国思科(Cisco)公司的一个单一控制台。能够简化数据中心网络的运营和管理。 Cisco Nexus Dashboard存在安全漏洞,该漏洞源于命令参数验证不足。可能允许具有网络管理员权限的经过身份验证的远程攻击者对受影响的设备执行命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A