818 matches found
CVE-2017-12289
A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug...
CVE-2017-12728
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the...
CVE-2017-12255
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...
SpiderControl SCADA Web Server Elevation of Privilege Vulnerability
SCADA Web Server is a software management platform. An elevation of privilege vulnerability exists in SpiderControl SCADA Web Server. An authenticated, non-administrative local user could change the service executable with elevated privileges, allowing an attacker to execute arbitrary code in the...
CVE-2017-14105
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker – even restricted as a tenant – can add a jsp at...
CVE-2017-6781
A vulnerability in the management of shell user accounts for Cisco Policy Suite CPS Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...
CVE-2017-9662
An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges...
CVE-2017-9662
An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges...
CVE-2017-6735
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1...
CVE-2017-6732
A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.22.1PP1 4.23.0PP6 4.30.0PP4 4.31.0PP2. Known Fixed Releases: 4.32...
Cisco Prime Network Local Elevation of Privilege Vulnerability
Cisco Prime Network is an integrated component of the Cisco Prime for IP NGN suite and a standalone product. A security vulnerability in the installation process of Cisco Prime Network Software allows an authenticated local attacker to elevate to root privileges...
Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability
Cisco FireSIGHT Management Center enables centralized management of network security and operational functions for Cisco ASA with FirePOWER Services and Cisco FirePOWER devices. A security vulnerability exists in the Cisco FireSIGHT System Software in the backup and restore functions, which arise...
CVE-2017-6718
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT...
CVE-2017-6705
A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1...
CVE-2017-6719
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases:...
Cisco IOS XR Software Local Command Injection Vulnerability
Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. Cisco IOS XR Software has a security vulnerability in the CLI implementation, where an authenticated local attacker can execute arbitrary commands with root privileges on the host...
Cisco Prime Collaboration Provisioning Tool Local Information Disclosure Vulnerability
Cisco Prime Collaboration is a comprehensive video and voice service assurance and management system. A security vulnerability exists in the file system in the Cisco Prime Collaboration Provisioning tool where an authenticated local attacker obtains sensitive information...
CVE-2017-6696
A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.32...
CVE-2017-6695
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839...
CVE-2017-6598
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege...