漏洞类别:Cisco
漏洞等级: 
漏洞信息
A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user.
漏洞危害
An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter.
解决方案
Refer to Cisco advisory cisco-sa-20170322-xeci for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论