cnvd-2018-21255
Vulnerability from cnvd
Title: 多款Cisco产品IOS XE Software权限提升漏洞
Description:
Cisco 4000 Series Integrated Services Routers等都是美国思科(Cisco)公司的不同型号的路由器产品。IOS XE Software是使用在其中的一个Cisco公司为其网络设备开发的操作系统。
多款Cisco产品中的IOS XE Software的shell访问请求机制存在权限提升漏洞,该漏洞源于受影响的软件对命令使用了不充分的身份验证机制。本地攻击者可通过请求访问root shell利用该漏洞绕过身份验证并获取root shell不受限的访问权限。
Severity: 中
Patch Name: 多款Cisco产品IOS XE Software权限提升漏洞的补丁
Patch Description:
Cisco 4000 Series Integrated Services Routers等都是美国思科(Cisco)公司的不同型号的路由器产品。IOS XE Software是使用在其中的一个Cisco公司为其网络设备开发的操作系统。
多款Cisco产品中的IOS XE Software的shell访问请求机制存在权限提升漏洞,该漏洞源于受影响的软件对命令使用了不充分的身份验证机制。本地攻击者可通过请求访问root shell利用该漏洞绕过身份验证并获取root shell不受限的访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access
Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access
Impacted products
| Name | ['Cisco ASR 900 Series Aggregation Services Routers', 'Cisco 4000 Series Integrated Services Routers', 'Cisco ASR 1000 Series Aggregation Services Routers', 'Cisco Cloud Services Router 1000V Series', 'Cisco Integrated Services Virtual Router'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-15371"
}
},
"description": "Cisco 4000 Series Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u578b\u53f7\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002IOS XE Software\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2aCisco\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684IOS XE Software\u7684shell\u8bbf\u95ee\u8bf7\u6c42\u673a\u5236\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8f6f\u4ef6\u5bf9\u547d\u4ee4\u4f7f\u7528\u4e86\u4e0d\u5145\u5206\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf7\u6c42\u8bbf\u95eeroot shell\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u5e76\u83b7\u53d6root shell\u4e0d\u53d7\u9650\u7684\u8bbf\u95ee\u6743\u9650\u3002",
"discovererName": "Cisco",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-21255",
"openTime": "2018-10-18",
"patchDescription": "Cisco 4000 Series Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u578b\u53f7\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002IOS XE Software\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2aCisco\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684IOS XE Software\u7684shell\u8bbf\u95ee\u8bf7\u6c42\u673a\u5236\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8f6f\u4ef6\u5bf9\u547d\u4ee4\u4f7f\u7528\u4e86\u4e0d\u5145\u5206\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf7\u6c42\u8bbf\u95eeroot shell\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u5e76\u83b7\u53d6root shell\u4e0d\u53d7\u9650\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eCisco\u4ea7\u54c1IOS XE Software\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco ASR 900 Series Aggregation Services Routers",
"Cisco 4000 Series Integrated Services Routers",
"Cisco ASR 1000 Series Aggregation Services Routers",
"Cisco Cloud Services Router 1000V Series",
"Cisco Integrated Services Virtual Router"
]
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access",
"serverity": "\u4e2d",
"submitTime": "2018-10-09",
"title": "\u591a\u6b3eCisco\u4ea7\u54c1IOS XE Software\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…