Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cato's Socket WebUI is vulnerable to OS Command Injection
Vulnerability Description
Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cato Networks Socket 安全漏洞
Vulnerability Description
Cato Networks Socket是以色列Cato Networks公司的一款提供安全网络连接与流量优化能力的边缘接入设备。 Cato Networks Socket 25之前版本存在安全漏洞,该漏洞源于命令注入漏洞,可能导致经过身份验证的攻击者通过Socket Web界面以root用户身份执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A