Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability
Vulnerability Description
A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS).
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Cisco Intersight 安全漏洞
Vulnerability Description
Cisco Intersight是美国思科(Cisco)公司的一个应用平台。提供了智能管理级别,使 IT 组织能够以比前几代工具更先进的方式分析、简化和自动化其环境。 Cisco Intersight存在安全漏洞,该漏洞源于维护shell中系统账户配置文件权限不当,可能导致具有管理权限的本地攻击者将权限提升至root。
CVSS Information
N/A
Vulnerability Type
N/A