Lucene search
K

113 matches found

Cvelist
Cvelist
added 2024/05/15 5:59 p.m.30 views

CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

4.8CVSS5.5AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 5:59 p.m.68 views

CVE-2024-20383

Cisco Secure Email and Web Manager (Cisco AsyncOS) web-based management interface is affected by a stored XSS vulnerability due to insufficient input validation. An authenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the interface...

8.4CVSS6.3AI score0.00351EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2024/05/15 4:0 p.m.71 views

ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details "details" section of...

7.8CVSS7.7AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.8 views

PT-2024-3855 · Cisco · Cisco Crosswork Network Services Orchestrator

Name of the Vulnerable Software and Affected Versions: ConfD versions affected versions not specified Cisco Crosswork Network Services Orchestrator versions affected versions not specified Description: A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI coul...

7.8CVSS7.1AI score0.00342EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2024/01/13 12:17 a.m.75 views

Exploit for Path Traversal in Cisco Sd-Wan_Vbond_Orchestrator

CVE-2022-20818: Local Privilege Escalation via Partial File Re...

7.8CVSS7.9AI score0.00593EPSS
Exploits1
OSV
OSV
added 2022/04/06 7:15 p.m.3 views

CVE-2022-20762

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

7.8CVSS5.8AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2022/04/06 7:15 p.m.20 views

CVE-2022-20762

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

7.8CVSS0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/04/06 6:13 p.m.10 views

CVE-2022-20762 Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

7.8CVSS6.9AI score0.00253EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/03/28 12:0 a.m.7 views

The vulnerability of the CLI command-line interface of the ConfD Common Execution Environment (CEE) deployment and management environment for cloud network functions based on Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI) allows a malicious actor to execute arbitrary commands and gain elevated privileges.

The vulnerability of the CLI command-line interface of the ConfD Common Execution Environment CEE for deploying and managing cloud network functions based on Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure SMI is related to deficiencies in access control. Exploiting this...

7.8CVSS7.8AI score0.00253EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/03/22 12:15 a.m.5 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

7.8CVSS5.8AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2022/03/22 12:15 a.m.27 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

7.8CVSS0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/22 12:15 a.m.5 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

7.8CVSS7.2AI score0.00185EPSS
Exploits0References2
Prion
Prion
added 2022/03/22 12:15 a.m.27 views

Default credentials

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

2.1CVSS7.5AI score0.00185EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/21 11:45 p.m.31 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

3.3CVSS7.8AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/03/21 12:0 a.m.5 views

PT-2022-13331 · Sophos · Sophos Utm

Name of the Vulnerable Software and Affected Versions: Sophos UTM versions prior to 9.710 Description: The issue concerns the insecure storage of local users' SHA512crypt password hashes, including those of the root user, in Confd log files. This insecurity allows a local attacker to access these...

7.8CVSS7.6AI score0.00185EPSS
Exploits0References4
Cisco
Cisco
added 2022/03/02 4:0 p.m.40 views

Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

7.8CVSS7.6AI score0.00253EPSS
Exploits0References1
CISA
CISA
added 2022/01/20 12:0 a.m.7 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

7.5AI score
Exploits0References5
Cisco
Cisco
added 2022/01/19 4:0 p.m.35 views

ConfD CLI Command Injection Vulnerability

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

8.8CVSS2.4AI score0.00832EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/01/19 12:0 a.m.4 views

PT-2022-2309 · Confd +1 · Confd +1

Name of the Vulnerable Software and Affected Versions: ConfD affected versions not specified Description: A vulnerability in the implementation of the CLI on a device running ConfD could allow an authenticated, local attacker to perform a command injection attack. The issue is due to insufficient...

8.8CVSS7.6AI score0.00832EPSS
Exploits0References9
OSV
OSV
added 2021/12/08 7:15 p.m.6 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...

9.8CVSS7.4AI score0.01445EPSS
Exploits0References1
Rows per page
Query Builder