Vulnerability Information
Vulnerability Title
Cisco Secure Email and Web Manager and Secure Web Appliance Command Injection Vulnerability
Vulnerability Description
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Input Validation
Vulnerability Title
Cisco AsyncOS Input Validation Error Vulnerability
Vulnerability Description
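Cisco AsyncOS is an operating system from Cisco (USA) used on Cisco devices. Cisco AsyncOS has an input validation error vulnerability that stems from insufficient validation of XML configuration files, allowing an authenticated remote attacker to upload a specially crafted file and execute commands with root privileges.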
CVSS Information
N/A
Vulnerability Type
N/A