Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco DNA Center API Command Injection Vulnerability
Vulnerability Description
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco Catalyst Center 操作系统命令注入漏洞
Vulnerability Description
Cisco Catalyst Center(Cisco DNA Center)是美国思科(Cisco)公司的一个网络管理系统。 Cisco Catalyst Center(Cisco DNA Center)存在操作系统命令注入漏洞,该漏洞源于用户输入验证不足,可能导致远程攻击者执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A