Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
CWE-1286
Vulnerability Title
Cisco IOS XE Software 安全漏洞
Vulnerability Description
Cisco IOS XE Software是美国思科(Cisco)公司的一种网络操作系统。 Cisco IOS XE Software存在安全漏洞,该漏洞源于API端点参数验证不足,可能导致经过身份验证的远程攻击者提升权限并访问管理API。
CVSS Information
N/A
Vulnerability Type
N/A