Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
520
Views
0
Helpful
0
Replies

Command Injection via CLI and web UI vs CVSS

stefeg
Beginner
Beginner

‎12-07-2022 04:18 AM

Hi,

Cisco security advisories for similar vulnerabilities (e.g. Command Injection) regarding CLI and web UI differs in case of scoring CVSS in attack vector parameter. CLI vulnerabilities are scored with "Local" and web UI with "Network" AV. I wonder what is the difference here, because both of these user interfaces can be accessed (and therefore exploited) over the network.

Here are two examples for CLI and web UI:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn

Thanks.

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents