Lucene search
K

23 matches found

The Hacker News
The Hacker News
added 2023/07/14 7:5 a.m.81 views

Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the...

9.1CVSS7AI score0.59041EPSS
Exploits0
CVE
CVE
added 2022/09/30 6:45 p.m.71 views

CVE-2022-20844

Cisco SD-AVC on Cisco vManage exposes a GUI authentication flaw that can be exploited remotely via a default static username/password, potentially exposing device names, logs, and DNS server IPs. Affected component is the Cisco SD-AVC GUI accessible on self-managed cloud or local server installat...

5.3CVSS5.4AI score0.00747EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.5 views

Cisco vManage 信任管理问题漏洞

Cisco vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco vManage is vulnerable to a trust management issue. A remote attacker exploiting this vulnerability would be able to acces...

5.3CVSS5.8AI score0.00747EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/05/31 12:0 a.m.6 views

The vulnerability of the CLI component of the Cisco SD-WAN vManage centralized network management system allows a attacker to execute arbitrary commands.

The vulnerability of the CLI component in the Cisco SD-WAN vManage centralized network management system is related to insecure privilege management. Exploiting this vulnerability could allow an attacker to execute arbitrary commands using a specially created file...

7.3CVSS6.8AI score0.00581EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.7 views

The vulnerability of the History API component in the Cisco SD-WAN vManage network management system allows a attacker to disclose protected information.

The vulnerability of the History API component in the Cisco SD-WAN vManage network management system is related to errors in request processing. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

6.8CVSS6.1AI score0.00877EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/15 12:0 a.m.5 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the vManage web interface of the Cisco SD-WAN software-defined network is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information by sending specially crafted requests...

4.3CVSS5.5AI score0.00367EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/05/06 1:15 p.m.5 views

CVE-2021-1535

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This...

5.3CVSS6.1AI score0.01218EPSS
Exploits0References1
OSV
OSV
added 2021/05/06 1:15 p.m.7 views

CVE-2021-1284

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able t...

8.8CVSS7.2AI score0.00441EPSS
Exploits0References1
NVD
NVD
added 2021/03/24 8:15 p.m.22 views

CVE-2021-1433

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this...

9.3CVSS0.02256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/03/24 8:5 p.m.8 views

CVE-2021-1433 Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this...

8.1CVSS8.4AI score0.02256EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/03/24 8:5 p.m.21 views

CVE-2021-1433 Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this...

8.1CVSS8.8AI score0.02256EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.5 views

The vulnerability of the vDaemon service in the Cisco SD-WAN vManage centralized system allows a attacker to trigger a service failure.

The vulnerability of the vDaemon service in the Cisco SD-WAN vManage centralized network management system is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

5.5CVSS5.4AI score0.00601EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/02/08 12:0 a.m.7 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.

The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network is due to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5.5CVSS5.9AI score0.00306EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/01/21 12:0 a.m.4 views

Cisco SD-WAN vMange Command Injection Vulnerability (CNVD-2021-05389)

Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A command injection vulnerability exists in the Cisco SD-WAN vMange software. The vulnerability stems from the program not properly validati...

9CVSS8.2AI score0.02371EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.6 views

Cisco SD-WAN vManage Software 安全漏洞

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A Cypher query language injection vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 20.3.2, which can be exploited by an attacker to obtain...

6.5CVSS6.6AI score0.0141EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.5 views

多款Cisco产品命令注入漏洞

Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A command injection vulnerability exists in the Cisco SD-WAN vMange software. The vulnerability stems from the program not properly validati...

9CVSS7.5AI score0.02371EPSS
Exploits0References5
OSV
OSV
added 2020/11/06 7:15 p.m.4 views

CVE-2020-27129

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the...

6.7CVSS5.9AI score0.00321EPSS
Exploits0References1
CNVD
CNVD
added 2020/10/09 12:0 a.m.4 views

Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability (CNVD-2020-57577)

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cross-site scripting vulnerability exists in Cisco SD-WAN vManage Software. The vulnerability stems from a lack of proper validation of client data by the WEB application. ...

6.4CVSS6.3AI score0.00626EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/07/21 12:0 a.m.5 views

The vulnerability in the vManage web management interface of the Cisco SD-WAN programmable network allows a attacker to execute cross-site scripting (XSS) attacks.

The vulnerability in the vManage web management interface of the Cisco SD-WAN program-defined network is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

6.4CVSS6AI score0.00819EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/07/16 6:15 p.m.5 views

CVE-2020-3437

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this...

6.5CVSS6.9AI score0.02877EPSS
Exploits3References2
Rows per page
Query Builder