Podatność CVE-2021-1435


Publikacja: 2021-03-24

Opis:
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Typ:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
9/10
10/10
8/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Jednorazowa
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Cisco -> Ios xe 

 Referencje:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webcmdinjsh-UFJxTgZD

Copyright 2023, cxsecurity.com

 

Back to Top