Описание
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.
Уязвимые конфигурации
Одно из
EPSS
6.7 Medium
CVSS3
6.7 Medium
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.
Уязвимость операционной системы Cisco IOS XE, существующая из-за ошибок ограничения имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код в базовой операционной системе Linux
EPSS
6.7 Medium
CVSS3
6.7 Medium
CVSS3
7.2 High
CVSS2