113 matches found
CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
CVE-2024-20383
Cisco Secure Email and Web Manager (Cisco AsyncOS) web-based management interface is affected by a stored XSS vulnerability due to insufficient input validation. An authenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the interface...
ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities
Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details "details" section of...
PT-2024-3855 · Cisco · Cisco Crosswork Network Services Orchestrator
Name of the Vulnerable Software and Affected Versions: ConfD versions affected versions not specified Cisco Crosswork Network Services Orchestrator versions affected versions not specified Description: A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI coul...
Exploit for Path Traversal in Cisco Sd-Wan_Vbond_Orchestrator
CVE-2022-20818: Local Privilege Escalation via Partial File Re...
CVE-2022-20762
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
CVE-2022-20762
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
CVE-2022-20762 Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
The vulnerability of the CLI command-line interface of the ConfD Common Execution Environment (CEE) deployment and management environment for cloud network functions based on Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure (SMI) allows a malicious actor to execute arbitrary commands and gain elevated privileges.
The vulnerability of the CLI command-line interface of the ConfD Common Execution Environment CEE for deploying and managing cloud network functions based on Cisco Ultra Cloud Core – Subscriber Microservices Infrastructure SMI is related to deficiencies in access control. Exploiting this...
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
Default credentials
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
PT-2022-13331 · Sophos · Sophos Utm
Name of the Vulnerable Software and Affected Versions: Sophos UTM versions prior to 9.710 Description: The issue concerns the insecure storage of local users' SHA512crypt password hashes, including those of the root user, in Confd log files. This insecurity allows a local attacker to access these...
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
ConfD CLI Command Injection Vulnerability
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...
PT-2022-2309 · Confd +1 · Confd +1
Name of the Vulnerable Software and Affected Versions: ConfD affected versions not specified Description: A vulnerability in the implementation of the CLI on a device running ConfD could allow an authenticated, local attacker to perform a command injection attack. The issue is due to insufficient...
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...