182 matches found
CVE-2020-11963
CVE-2020-11963 affects IQrouter up to firmware 3.3.1. When the device is unconfigured, the web-panel is vulnerable to Bash Shell Metacharacter Injection leading to remote code execution and potential root privileges. Documented impact includes multiple RCE vectors in the web-panel; exploitation r...
CVE-2020-11963
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...
LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers
Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...
Cisco NX-OS Software Bash Bypass Guest Shell (cisco-sa-20190515-nxos-bash-bypass)
According to its self-reported version, Cisco NX-OS Software is affected by following vulnerability in the Bash shell implementation due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An authenticated, local attacker c...
Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials...
Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability
According to its self-reported version, a bash shell implementation for Cisco NX-OS software is affected access control bypass privilege vulnerability. An authenticated local attacker can escalate their privilege level by executing commands authorized to other user roles. TRUSTED...
The vulnerability in the Bash shell implementation of the Cisco NX-OS network operating system allows a hacker to execute arbitrary commands.
The vulnerability of the Bash command shell implementation in the Cisco NX-OS network operating system of Cisco devices is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass the restrictions of the Guest Shell and execute arbitrary commands...
Command injection
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...
CVE-2019-1730
Cisco NX-OS Software contains a Bash bypass vulnerability (CVE-2019-1730) where the Bash shell invocation in the restricted Guest Shell can be exploited by an authenticated, local attacker to run commands at the network-admin level outside the Guest Shell. The root cause is the incorrect implemen...
Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...
UBUNTU-CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
The vulnerability of the limited command interpreter rbash in the Bash shell allows a hacker to execute arbitrary commands.
The vulnerability of the limited command interpreter rbash in the Bash shell lies in insufficient validation of the values of the BASHCMDS array. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability in the Bash shell implementation of the Cisco NX-OS network operating system allows a hacker to elevate their privileges to the root level.
The vulnerability of the Bash shell implementation in the Cisco NX-OS network operating system devices relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker to elevate their privileges to root by entering a specially created command in the Bash command...
The vulnerability in the implementation of the Bash shell of the Cisco NX-OS network operating system in Cisco devices allows a hacker to increase their privileges.
The vulnerability of the Bash shell implementation of the Cisco NX-OS network operating system in Cisco devices is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
Design/Logic Flaw
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. A...
CVE-2019-1596 Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. A...
CVE-2019-1596 Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. A...
Cisco NX-OS Elevation of Privilege Vulnerability
Cisco NX-OS is a set of data center-grade operating system software used by switches. An elevation of privilege vulnerability exists in the Bash shell implementation of Cisco NX-OS. The vulnerability stems from a failure of the Bash shell commands to be implemented correctly, resulting in the...
Cisco NX-OS Software Privilege License and Access Control Vulnerability
Cisco Nexus 9500 R-Series Line Cards and Fabric Modules and so on are the products of Cisco Corporation.Cisco Nexus 9500 R-Series Line Cards and Fabric Modules is a 9500R Series Line Cards Modules.Cisco Nexus 3000 Series Switches is a 3000 Series Switch.Cisco Nexus 3500 Platform Switches is a 350...
CVE-2019-1593
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to th...