PEM module heap overflow vulnerability in multiple Huawei products

Huawei DP300, IPS Module, and NGFW Module are all products of Huawei China. A heap overflow vulnerability exists in the PEM module of multiple Huawei products, which can be exploited by an authenticated local attacker to launch a denial-of-service attack by constructing a malicious certificate th...

PEM module null pointer access vulnerability in multiple Huawei products

Huawei DP300, IPS Module, and NGFW Module are all products of Huawei China. A null pointer access vulnerability exists in the PEM module of multiple Huawei products, which can be exploited by an authenticated local attacker to cause a denial-of-service attack by calling the PEM decoder with...

PEM module denial of service vulnerability in multiple Huawei products

Huawei DP300, IPS Module, and NGFW Module are all products of Huawei China. A denial of service vulnerability exists in the PEM module of multiple Huawei products, which can be exploited by an authenticated local attacker to launch a denial of service attack by constructing a malicious certificat...

CVE-2017-12338

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted...

CVE-2017-12340

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

Cisco IP Phone 8800 Series Debug Interface Command Injection Vulnerability

The Cisco IP Phone 8800 is a phone product from Cisco that provides video and VoIP communication features. debug interface is one of the debugging interfaces. A command injection vulnerability exists in the debug interface in the Cisco IP Phone 8800 series that stems from the program failing to...

CVE-2017-12289

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug...

CVE-2017-12286

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in t...

CVE-2017-12728

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...

CVE-2017-12255

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

SpiderControl SCADA Web Server Elevation of Privilege Vulnerability

SCADA Web Server is a software management platform. An elevation of privilege vulnerability exists in SpiderControl SCADA Web Server. An authenticated, non-administrative local user could change the service executable with elevated privileges, allowing an attacker to execute arbitrary code in the...

CVE-2017-14105

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker – even restricted as a tenant – can add a jsp at...

CVE-2017-6781

A vulnerability in the management of shell user accounts for Cisco Policy Suite CPS Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...

CVE-2017-9662

An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges...

CVE-2017-9662

An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges...

CVE-2017-6735

A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1...

CVE-2017-6732

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.22.1PP1 4.23.0PP6 4.30.0PP4 4.31.0PP2. Known Fixed Releases: 4.32...

Cisco Prime Network Local Elevation of Privilege Vulnerability

Cisco Prime Network is an integrated component of the Cisco Prime for IP NGN suite and a standalone product. A security vulnerability in the installation process of Cisco Prime Network Software allows an authenticated local attacker to elevate to root privileges...

Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability

Cisco FireSIGHT Management Center enables centralized management of network security and operational functions for Cisco ASA with FirePOWER Services and Cisco FirePOWER devices. A security vulnerability exists in the Cisco FireSIGHT System Software in the backup and restore functions, which arise...

CVE-2017-6719

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases:...