漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
Vulnerability Description
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Cisco Identity Services Engine 路径遍历漏洞
Vulnerability Description
Cisco Identity Services Engine(Cisco ISE)是美国思科(Cisco)公司的一款环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。 Cisco Identity Services Engine存在路径遍历漏洞,该漏洞源于API请求中对用户提供的参数验证不足。远程攻击者对基于Web的管理界面的用户发起跨站脚本(XSS)攻击、执行路径遍历攻击、读取和删除受影响设备上的任意文件,或通过设备发起服务器端请求伪造(SSR
CVSS Information
N/A
Vulnerability Type
N/A