漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Description
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Cisco Identity Services Engine(Cisco ISE)和Cisco ISE Passive Identity Connector 代码问题漏洞
Vulnerability Description
Cisco Identity Services Engine(Cisco ISE)和Cisco ISE Passive Identity Connector都是美国思科(Cisco)公司的产品。Cisco Identity Services Engine是一款环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。Cisco ISE Passive Identity Connector是一个身份服务引擎被动身份连接器。 Cisco Identity S
CVSS Information
N/A
Vulnerability Type
N/A