2 matches found
Cisco IOS XE Software Web UI Command Injection (cisco-sa-webui-cmdinj-zM283Zdw)
According to its self-reported version, Cisco IOS XE Software is affected by a Web UI Command Injection vulnerability. The vulnerability exists in the web-based user interface due to improper validation of specific HTTP requests. An authenticated, remote attacker can exploit this, to inject IOS...
CVE-2020-3224
Cisco IOS XE Software Web UI Command Injection (CVE-2020-3224) affects the web-based UI of Cisco IOS XE. An authenticated, remote attacker with read-only privileges can inject IOS commands by exploiting insufficient input validation of specific HTTP requests to a web UI endpoint, potentially alte...