دورية أكاديمية
Detection of Web Command Injection Vulnerability for Cisco IOS-XE
| العنوان: | Detection of Web Command Injection Vulnerability for Cisco IOS-XE |
|---|---|
| المؤلفون: | HE Jie, CAI Ruijie, YIN Xiaokang, LU Xuanting, LIU Shengli |
| المصدر: | Jisuanji kexue, Vol 50, Iss 4, Pp 343-350 (2023) |
| بيانات النشر: | Editorial office of Computer Science, 2023. |
| سنة النشر: | 2023 |
| المجموعة: | LCC:Computer software LCC:Technology (General) |
| مصطلحات موضوعية: | cisco ios-xe, web service, command injection, vulnerability detection, fuzzing, Computer software, QA76.75-76.765, Technology (General), T1-995 |
| الوصف: | Cisco’s new operating system,Cisco IOS-XE,is widely deployed on platforms such as Cisco routers and switches.However,there are vulnerabilities in the system’s Web management interface to allow permission escalation through command injection.Network security is facing serious threats.In recent years,fuzzing is usually used to detect security vulnerabilities in embedded devices,but there is currently no fuzzing framework for Cisco IOS-XE,and current fuzzing methods for IoT have poor performance due to the unique system architecture and command mode of IOS-XE.To solve the problems mentioned above,this paper proposes a novel fuzzing framework CRFuzzer for the Web management service in Cisco IOS-XE system to detect command injection vulnerabilities.CRFuzzer combines front-end requests and back-end scripts analysis to optimize seed generation,and locates vulnerable code based on characteristics of command injection to narrow the scope of testing.In order to evaluate the vulnerability detection performance of CRFuzzer,124 firmwares of 31 different versions are tested on the physical router ISR 4000 series and the cloud router CSR 1000v,and a total of 11 command injection vulnerabilities are detected,and 2 of them are undisclosed vulnerabilities. |
| نوع الوثيقة: | article |
| وصف الملف: | electronic resource |
| اللغة: | Chinese |
| تدمد: | 1002-137X |
| Relation: | https://www.jsjkx.com/fileup/1002-137X/PDF/1002-137X-2023-50-4-343.pdf; https://doaj.org/toc/1002-137X |
| DOI: | 10.11896/jsjkx.220100113 |
| URL الوصول: | https://doaj.org/article/05424f4e0cfb4815920e6f9f0422d4f4 |
| رقم الأكسشن: | edsdoj.05424f4e0cfb4815920e6f9f0422d4f4 |
| قاعدة البيانات: | Directory of Open Access Journals |
Full Text Finder | تدمد: | 1002137X |
|---|---|
| DOI: | 10.11896/jsjkx.220100113 |