Lucene search
+L

123 matches found

NVD
NVD
added 2020/09/24 6:15 p.m.37 views

CVE-2020-3477

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker...

5.5CVSS0.00324EPSS
Exploits0References1
Prion
Prion
added 2020/09/24 6:15 p.m.19 views

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker...

2.1CVSS5.5AI score0.00324EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/24 5:52 p.m.120 views

CVE-2020-3477

CVE-2020-3477 affects Cisco IOS and IOS XE CLI parser. An authenticated, local attacker could obtain read-only access to files on the flash: filesystem due to insufficient command restrictions. Exploitation is local with no user interaction beyond authentication. Cisco’s advisory and related Ness...

5.5CVSS5.5AI score0.00324EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/24 5:52 p.m.37 views

CVE-2020-3477 Cisco IOS and IOS XE Software Information Disclosure Vulnerability

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker...

5.5CVSS5.5AI score0.00324EPSS
Exploits0References1
Cisco
Cisco
added 2020/09/24 4:0 p.m.49 views

Cisco IOS and IOS XE Software Information Disclosure Vulnerability

A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker...

5.5CVSS5.5AI score0.00324EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/03/19 12:0 a.m.30 views

Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access (cisco-sa-20180328-privesc3)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser due to improperly sanitizing command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with privileged EXEC mode privilege level 15...

7.2CVSS7.1AI score0.00424EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/12/13 12:0 a.m.48 views

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access (cisco-sa-20180926-privesc)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux file system on a device. An authenticated, local attacker who has...

7.2CVSS7.1AI score0.0039EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/12/13 12:0 a.m.34 views

Cisco IOS XE Software CLI Command Injection Multiple Vulnerabilities (cisco-sa-20180328-cmdinj)

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities in the CLI parser because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An authenticated, local attacker can...

7.8CVSS7.5AI score0.006EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2019/11/29 12:0 a.m.75 views

Cisco IOS XE Software User EXEC Mode Root Shell Access Multiple Vulnerabilities (cisco-sa-20180328-privesc1)

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities in the CLI parser due to improper sanitization of command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with user EXEC mode access to an...

7.8CVSS7.7AI score0.00503EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.20 views

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileg...

7.2CVSS7AI score0.00424EPSS
Exploits0References3
NVD
NVD
added 2018/10/05 2:29 p.m.30 views

CVE-2018-0477

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

7.2CVSS7AI score0.00492EPSS
Exploits0References2
OSV
OSV
added 2018/10/05 2:29 p.m.4 views

CVE-2018-0481

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

6.7CVSS6.1AI score0.00492EPSS
Exploits0References2
Prion
Prion
added 2018/10/05 2:29 p.m.23 views

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

7.2CVSS7AI score0.00492EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/10/05 2:29 p.m.17 views

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

7.2CVSS7AI score0.0039EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/10/05 2:29 p.m.20 views

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

7.2CVSS7AI score0.00492EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/10/05 2:0 p.m.37 views

CVE-2018-15368 Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

7AI score0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/10/05 2:0 p.m.26 views

CVE-2018-0481 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

7AI score0.00492EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/10/05 2:0 p.m.10 views

CVE-2018-0477 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

7.7AI score0.00492EPSS
Exploits0References2
CVE
CVE
added 2018/10/05 2:0 p.m.84 views

CVE-2018-0477

The CVE-2018-0477 entry describes a local, command-injection vulnerability in the CLI parser of Cisco IOS XE Software. An authenticated attacker with Privilege Level 15 can exploit improper sanitization of CLI command arguments to access internal data structures and execute arbitrary root command...

7.2CVSS7AI score0.00492EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/10/05 2:0 p.m.88 views

CVE-2018-0481

The CVE-2018-0481 issue is a vulnerability in the Cisco IOS XE Software CLI parser that allows a locally authenticated attacker with privileged EXEC access to inject and run arbitrary commands as root on the device’s Linux shell. Root cause: improper sanitization of CLI command arguments, allowin...

7.2CVSS7AI score0.00492EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder